Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1324
Views
0
Helpful
1
Replies

Pix syslog message

r-remien
Level 1
Level 1

‎12-10-2001 11:30 AM - edited ‎02-20-2020 09:55 PM

I have a frame relay network that comes into the hub router into corporate HQ. We have a large SAP implementation that is hosted at a 3rd party location. So, traffic flows from the Frame, into the inside interface of the Corporate PIX 515, out the dmz interface of the Corporate Pix, into a router on the same subnet as the dmz, and then across a frame relay link to the SAP host. I am getting several hundred syslog messages per hour with the following error, %PIX-2-106012: Deny IP from IP_addr to IP_addr, IP options hex. The hex options is 0x14. The source IP is from several different hosts somewhere on the frame and the destination is to one of our SAP servers. The docs say that the SAP client application is altering the IP packet and the PIX is seeing it as some kind of security breach and discarding the packet. Our SAP has slowdowns constantly and I think this is part of the cause of slowdowns.

Thanks,

RJ

0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎12-10-2001 12:14 PM

So you know:

Most of the engineers on this Forum are more familiar with the Cisco IDS product line IDS-4210, IDS-4230, and WS-x6381-IDS.

You might get lucky and have someone familiar with Pix details also following this Forum, but if you don't get any answers here then I suggest you try this question on the FireWall Forum.

You mught have better luck contacting the Pix engineers on the FireWall Forum.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card