Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1255
Views
0
Helpful
3
Replies

PIX problem when it configured with syslog server with tcp port

wongsusanto
Level 1
Level 1

‎01-15-2002 05:53 PM - edited ‎02-20-2020 09:57 PM

Hi All,

Did someone ever encounter PIX problem when the pix configured for the syslog server with tcp port ?

I encountered this problem when I configured the pix for syslog server with tcp port..the command is logging host (in_if) (host_ip) [tcp/port_number].

Actually there is no problem when the syslog server was up. But when I shut down the server..the pix suddenly can not route packet from inside to outside..but if I did pinging from pix to outside and inside are ok..only if I pinged from inside network, servers which are in inside network, the packets are stopped at pix. the pix image version is 5.1(2). is there any bugs on that version ??

I will really appreciate if some one can helps...

thanks and regards

0 Helpful
3 Replies 3

turnbull
Level 1
Level 1

‎01-16-2002 02:07 AM

This is a feature of the pix when syslogging with TCP.

When the PIX can no longer log to the server, whether because the disk is full or the server is offline, TCP traffic is stopped.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/config.htm#xtocid2803660

Use the default UDP if you do not wish this to happen.

0 Helpful

wongsusanto
Level 1
Level 1
In response to turnbull

‎01-17-2002 12:33 AM

Hi,

thanks for your respon...how about If I use this command logging host (in_if) (host_ip) [udp/port_number]. I use udp instead of tcp. Is that okay ?? Will all the udp packets stop ???

Regards

0 Helpful

turnbull
Level 1
Level 1
In response to wongsusanto

‎01-19-2002 12:30 AM

there is no need to state UDP

It will default to udp 514 as stated in the command ref below

http://cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/commands.htm#xtocid605042

If you use udp (default) to syslog, if the syslog server becomes unavailable, the traffic will still flow through the PIX. All that will happen is that there will be no logs until the server is brought back online.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card