Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
0
Helpful
3
Replies

Strange logging issue with PIX

Go to solution
ddufault
Level 1
Level 1

‎08-23-2005 09:49 AM - edited ‎02-21-2020 12:20 AM

Since I have upgraded to v7.0 on my PIX525 I have noticed a weird problem that I have been unable to resolve with regards to my PIX syslogging. A handful of times per week, I get log messages that indicate my email gateway is trying to send approximately 4.2GB mail messages to various mail servers.

Problem is I do not see any indication of this in my mail server logs, my SMTP gateway logs, and my bandwidth monitor is not reporting this. We usually move about 1.5 GB a day through our internet pipe so if there was an additional 4.2 GB in traffic, I would know. I have tried sniffing the traffic from the mail server and I do not capture anything that correlates to the syslog entry. I cannot find any info anywhere relating to this and I was wondering if anyone has seen this issue.

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rsmith
Level 3
Level 3
In response to j.hoffmeister

‎09-02-2005 12:15 PM

Cisco bug trac posts the following caveat, fixed in version 7.02:

CSCeh96708 Yes Syslog reports erroneous transfer size in TCP Teardown 302014 syslog

Please upgrade to version 7.02 and these messages will be fixed.

Please rate this post if it was helpful.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
rsmith
Level 3
Level 3

‎08-23-2005 12:36 PM

Could you please post some of these anomolous log entries? Also, have you tried sniffing the PIX inside and outside interfaces to see if it sees any of this traffic.

0 Helpful

Go to solution
j.hoffmeister
Level 1
Level 1
In response to rsmith

‎09-02-2005 05:31 AM

Hello all,

I have the same problem.

Heres my log lines for two connections.

Sep 2 01:21:04 10.2.1.252 %PIX-6-302014: Teardown TCP connection 39610178 for outside:130.228.4.161/80 to DMZ1:172.17.2.235/55672 duration 0:03:12 bytes 4294967292 TCP Reset-O

Sep 2 01:22:04 10.2.1.252 %PIX-6-302014: Teardown TCP connection 39610199 for outside:130.228.4.161/80 to DMZ1:172.17.2.235/55676 duration 0:04:05 bytes 4294967292 TCP Reset-O

You can see that the data i like 4 gb, but it have bneen received in 3 minutes from the outside. Our Internet connection is 10 Mbs.

This happens every day, when connecting to the same host on the outside.

We have an PIX 525 with OS 7.0.1.

Regards

Jorgen Hoffmeister

0 Helpful

Go to solution
rsmith
Level 3
Level 3
In response to j.hoffmeister

‎09-02-2005 12:15 PM

Cisco bug trac posts the following caveat, fixed in version 7.02:

CSCeh96708 Yes Syslog reports erroneous transfer size in TCP Teardown 302014 syslog

Please upgrade to version 7.02 and these messages will be fixed.

Please rate this post if it was helpful.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card