02-19-2004 09:45 AM - edited 02-20-2020 11:15 PM
On our network we have two PIX-520 in failover configuration.
Today, for the first time in five years, the active PIX started
generating thousands (almost a million in 15min) of messages:
%PIX-3-211001: Memory allocation Error
The failover PIX didn't switch to active, so the traffic
stopped flowing through the firewall.
A power down/up of the active PIX resolved the problem.
Is it a symptom of an hardware memory failure or an
effect of some hacker attack ??
Has anybody recently experienced a similar problem ?
Thank you,
Alessandro Asson
___________________________________________________________________
CINECA - Via Magnanelli, 6/3 I-40033 Casalecchio di Reno (BO) Italy
e-mail: a.asson@cineca.it tel +39 051 6171411 fax: +39 051 6132198
02-19-2004 01:37 PM
Hi,
Cant say whether it is an attack or a hardware issue at the moment. You need to provide the following
show conn count
show xlat count
show version
Thanks
Nadeem
02-20-2004 02:34 AM
HI,
here is the show xx commands output, taken now, not when the problem was present.. (at that time the pix
was not accessible)
Thank you,
Alessandro Asson
---
pixfirewall# sh conn count
3599 in use, 9146 most used
---
pixfirewall# sh xlat count
2793 in use, 2794 most used
---
pixfirewall# sh ver
Cisco PIX Firewall Version 6.3(1)
Cisco PIX Device Manager Version 2.1(1)
Compiled on Wed 19-Mar-03 11:49 by morlee
pixfirewall up 30 days 17 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 00d0.b785.4722, irq 11
1: ethernet1: address is 00d0.b785.4649, irq 10
2: ethernet2: address is 00e0.b601.090e, irq 15
3: ethernet3: address is 00e0.b601.090d, irq 9
4: ethernet4: address is 00e0.b601.090c, irq 11
5: ethernet5: address is 00e0.b601.090b, irq 10
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: 18030673 (0x1132051)
Running Activation Key: 0xe21920a6 0xeac8139b 0x4b3172af 0xb9e4be7c
Configuration last modified by enable_15 at 11:26:10.538 MET Fri Feb 20 2004
02-20-2004 12:16 PM
this output seems to be normal. we would needed the same output at the time of the problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide