Re: PIX Syslog Message

klisagar · ‎04-07-2006

At what point does the PIX issue the 'connection built' syslog message. Example - 04 04 12:42:38 DMZPIX %PIX-6-302013: Built outbound TCP connection -668712345 for outside:xxx.xxx.xxx.xxx/1234 (xxx.xxx.xxx.xxx/1234) to inside:xxx.xxx.xxx.xxx/4514 (xxx.xxx.xxx.xxx/4514)

Is this done only after a completed TCP handshake or after an intial SYN (is this when PIX builds connection slot?)or some other citeria?

Patrick Iseli · ‎04-07-2006

Syslog message 302013:

Error Message %PIX-6-302013: Built {inbound|outbound} TCP connection number for

interface_name:real_address/real_port (mapped_address/mapped_port) to

interface_name:real_address/real_port (mapped_address/mapped_port) [(user)]

Explanation A TCP connection slot between two hosts was created.

Where:

connection number is a unique identifier.

interface, real_address, real_port identify the actual sockets.

mapped_address, mapped_port identify the mapped sockets.

user is the AAA name of the user.

If inbound is specified, then the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, then the original control connection was initiated from the inside.

Recommended Action None required.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm#wp1054139

sincerely

Patrick

klisagar · ‎04-20-2006

Thank you for the info Patrick, but that does entirely answer the question. Does the PIX create a connection slot upon seeing the intial SYN for the TCP handshake or is there other criteria.

Thanks you.