cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
378
Views
0
Helpful
4
Replies

Pix denies its own syslog traffic to inside

glenn.newman
Level 1
Level 1

Our Pix 535 goes into an error state either when it gets very busy or when the router goes down that is its next hop to its inside routes. Here is what it logs:

"106011: Deny inbound (No xlate) udp src inside:172.31.0.3/514 dst inside:10.10.8.233/514"

The first IP is its own inside interface address. The second is the syslog server. I have seen similar messages posted from others when they have internal routing problems, but the source is never the Pix inside address. Any info on what may cause this message would be helpful.

4 Replies 4

Not applicable

Did you try to allow that IP with either a conduit permit or in the Access list ?? PIX denies all the traffic by default.

I thing you should use clear xlate command.

unitus
Level 1
Level 1

Are you logging via tcp or udp? If you have your logging set to a syslog server using tcp, and that server is unavailable for any reason, the PIX will stop forwarding traffic.

cwangskr
Level 1
Level 1

This is what Cisco Website says.

Error Message %PIX-3-106011: Deny inbound (No xlate) chars

Explanation The message will appear under normal traffic conditions if there are internal users that are accessing the Internet via a web browser. Anytime a connection is reset, when the host at the end of the connection sends a packet after the PIX Firewall receives the reset, this message will appear. It can typically be ignored.

Recommended Action Disable this syslog message from getting logged to the syslog server by entering the no logging message 106011 command.

Review Cisco Networking for a $25 gift card