Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
598
Views
0
Helpful
5
Replies

rv042 any too many security_notifications

jpblcm001
Level 1
Level 1

‎05-10-2016 05:05 AM - edited ‎03-12-2019 12:44 AM

Hello, 

I have a RV042 and on LAN a RW110. I receive too many security_notifications with numerous line like this one :

May 10 12:26:59 2016 MYROUTER-NAME kernel: #warn<4> ACCESS_RULE: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=192.168.1.200 LEN=64 TOS=0x00 PREC=0x00 TTL=61 ID=51875 DF PROTO=TCP SPT=55321 DPT=3283 WINDOW=65535 RES=0x00 SYN URGP=0

the SRC IP is an IP on the distant LAN connected via VPN  ( a mac running osx 10.9)

the DST IP is the RW110 IP.

I receive many notifications (1or 2 and more by second, the mail of log is full every 10 seconds.

Any help appreciated, I'm a bit lost...

thank you very much.

 

Labels:
0 Helpful
5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

‎05-10-2016 07:20 AM

Hi there,

You need to change the logging level on your router. the RV042 doesn't seem to have a concept of logging level (I was going to suggest setting it to error).

The log message appears to be describing an 'Allowed Policy' as it does not look like it is blocking the conversation.  This can be configured under 'Log -> System Log':

http://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf

...page 155

Which of your 'Log setting' check boxes are ticked?

cheers,

Seb.

0 Helpful

jpblcm001
Level 1
Level 1
In response to Seb Rupik

‎05-10-2016 07:36 AM

Hello Seb,

my logs settings are "simple" : system error message, unauthorized login attempt and configuration changes.

The thing is that I have more than 80 macs (cloned install, so 100% identical but IP of course) on each LAN ( many others RW too) and only 3 of them make my logs crazy. 

Thank you again for your answer

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to jpblcm001

‎05-10-2016 08:05 AM

Odd, I wouldn't have thought that the log message falls under any of those categories. Have you tried unchecking all the log setting checkboxes and seeing if the messages still persit?

0 Helpful

jpblcm001
Level 1
Level 1
In response to Seb Rupik

‎05-10-2016 09:19 AM

I did. I'll post the next thing when appears

I saw in "incoming log table"  plenty of : 

Apr 19 13:13:32 2016 Kernel ipt_tcpmss_target: bad length (298 bytes)

The thing that bored me is the "why" only few equipment cause those errors, I also have some disconnections (AFP, Filemaker...) just like an invisible freeze with no log entries...

thanks

0 Helpful

jpblcm001
Level 1
Level 1
In response to Seb Rupik

‎05-10-2016 10:06 AM

nothing change... still the mail full of logs

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card