08-23-2005 09:49 AM - edited 02-21-2020 12:20 AM
Since I have upgraded to v7.0 on my PIX525 I have noticed a weird problem that I have been unable to resolve with regards to my PIX syslogging. A handful of times per week, I get log messages that indicate my email gateway is trying to send approximately 4.2GB mail messages to various mail servers.
Problem is I do not see any indication of this in my mail server logs, my SMTP gateway logs, and my bandwidth monitor is not reporting this. We usually move about 1.5 GB a day through our internet pipe so if there was an additional 4.2 GB in traffic, I would know. I have tried sniffing the traffic from the mail server and I do not capture anything that correlates to the syslog entry. I cannot find any info anywhere relating to this and I was wondering if anyone has seen this issue.
Thanks.
Solved! Go to Solution.
09-02-2005 12:15 PM
Cisco bug trac posts the following caveat, fixed in version 7.02:
CSCeh96708 Yes Syslog reports erroneous transfer size in TCP Teardown 302014 syslog
Please upgrade to version 7.02 and these messages will be fixed.
Please rate this post if it was helpful.
08-23-2005 12:36 PM
Could you please post some of these anomolous log entries? Also, have you tried sniffing the PIX inside and outside interfaces to see if it sees any of this traffic.
09-02-2005 05:31 AM
Hello all,
I have the same problem.
Heres my log lines for two connections.
Sep 2 01:21:04 10.2.1.252 %PIX-6-302014: Teardown TCP connection 39610178 for outside:130.228.4.161/80 to DMZ1:172.17.2.235/55672 duration 0:03:12 bytes 4294967292 TCP Reset-O
Sep 2 01:22:04 10.2.1.252 %PIX-6-302014: Teardown TCP connection 39610199 for outside:130.228.4.161/80 to DMZ1:172.17.2.235/55676 duration 0:04:05 bytes 4294967292 TCP Reset-O
You can see that the data i like 4 gb, but it have bneen received in 3 minutes from the outside. Our Internet connection is 10 Mbs.
This happens every day, when connecting to the same host on the outside.
We have an PIX 525 with OS 7.0.1.
Regards
Jorgen Hoffmeister
09-02-2005 12:15 PM
Cisco bug trac posts the following caveat, fixed in version 7.02:
CSCeh96708 Yes Syslog reports erroneous transfer size in TCP Teardown 302014 syslog
Please upgrade to version 7.02 and these messages will be fixed.
Please rate this post if it was helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide