10-08-2007 01:43 AM - edited 03-11-2019 04:22 AM
Hi All,
I have 2 PIX firewalls in failover mode. All of a sudden the primary started dropping all traffic on the inside interface.
When doing a sh log I was seeing literally hundreds of Deny UDP reverse path check errors on the inside interface. The log counter was going up by hundreds in seconds with these messages.
So I turned off the primary firewall and the standby kicked in, and there are no issues at all. As soon as you turn the primary back on, same problem: all traffic on inside is dropped.
I have the ip verify reverse-path interface inside command turned on, so it's doing its job if it's spoofing, but why am I not seeing the same problem on the secondary firewall once that has become active?
I'm stumped with this.
Thanks
Oh yeah, and the source IP address in the log message is 169.254.127.47, then 169.254.255.255, with the last two octets of the source address changing all the time.
10-12-2007 08:57 AM
With a pair of identical PIX devices (model, memory, network interface cards (NICs), operating system versions), high availability can be provided with no operator intervention.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml
10-14-2007 09:47 AM
Sounds like it might be dropping packets due to CPU overutilization caused by a DoS attack from someone inside spoofing those 169.254.x.x IP addresses. Have you checked the CPU when that occurs?
If you had that command in there working before, then something other than configuration or hardware is triggering the packets on the inside interface to be dropped. My guess is someone is causing trouble, perhaps.
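Both the original post (hundreds of reverse-path denies per second from constantly changing 169.254.x.x sources) and the reply above (an inside host flooding spoofed packets) can be checked from the syslog itself before touching the firewall. The script below is an added example, not code from the thread or from Cisco: it parses PIX/ASA 106021 reverse-path-check deny messages, then reports per interface how many denies arrived per second, how many distinct sources there were, and how many of those sources fall in the IPv4 link-local range 169.254.0.0/16 (addresses a host assigns itself when DHCP fails, which no PIX route will ever point back at, so the RPF check drops them). The log lines are constructed to mirror the symptom described, and the hostname, timestamps and destination addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample syslog lines (not from the original thread), modelled on the
# PIX/ASA message %PIX-1-106021: Deny <proto> reverse path check from <src> to
# <dst> on interface <ifname>. Hostname "fw1", the 10.1.1.0/24 destinations and the
# exact timestamps are assumptions. The last line is a non-106021 message so the
# parser has something to skip.
SAMPLE_LOG = """\
Oct 08 01:40:01 fw1 %PIX-1-106021: Deny UDP reverse path check from 169.254.127.47 to 10.1.1.255 on interface inside
Oct 08 01:40:01 fw1 %PIX-1-106021: Deny UDP reverse path check from 169.254.200.9 to 10.1.1.255 on interface inside
Oct 08 01:40:02 fw1 %PIX-1-106021: Deny UDP reverse path check from 169.254.3.118 to 10.1.1.255 on interface inside
Oct 08 01:40:02 fw1 %PIX-1-106021: Deny UDP reverse path check from 169.254.127.47 to 10.1.1.255 on interface inside
Oct 08 01:40:03 fw1 %PIX-1-106021: Deny UDP reverse path check from 169.254.255.255 to 10.1.1.255 on interface inside
Oct 08 01:40:03 fw1 %PIX-1-106021: Deny TCP reverse path check from 192.0.2.77 to 10.1.1.10 on interface outside
Oct 08 01:40:03 fw1 %PIX-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.5/4432 (198.51.100.5/4432) to inside:10.1.1.10/80 (10.1.1.10/80)
"""

# Matches only the 106021 reverse-path-check deny message (PIX or ASA prefix).
RPF_DENY = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"%(?:PIX|ASA)-1-106021: Deny (?P<proto>\S+) reverse path check "
    r"from (?P<src>[\d.]+) to (?P<dst>[\d.]+) on interface (?P<iface>\S+)$"
)


def parse_rpf_denies(log_text):
    """Return one dict per 106021 line (ts, proto, src, dst, iface); other messages are skipped."""
    records = []
    for line in log_text.splitlines():
        m = RPF_DENY.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        # Syslog timestamps carry no year; only the span between lines matters here.
        rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
        records.append(rec)
    return records


def summarize(records):
    """Per-interface statistics that separate a few misrouted hosts from a spoofing flood."""
    per_iface = defaultdict(list)
    for r in records:
        per_iface[r["iface"]].append(r)

    summary = {}
    for iface, recs in per_iface.items():
        sources = {r["src"] for r in recs}
        # 169.254.0.0/16 is IPv4 link-local; ipaddress knows the range.
        link_local = {s for s in sources if ipaddress.ip_address(s).is_link_local}
        span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
        summary[iface] = {
            "denies": len(recs),
            "distinct_sources": len(sources),
            "link_local_sources": len(link_local),
            # With a single timestamp the span is zero; report the count as the rate.
            "denies_per_second": len(recs) / span if span > 0 else float(len(recs)),
            "protocols": Counter(r["proto"] for r in recs),
            "top_destinations": Counter(r["dst"] for r in recs).most_common(3),
        }
    return summary


if __name__ == "__main__":
    for iface, stats in summarize(parse_rpf_denies(SAMPLE_LOG)).items():
        print(iface, stats)
```

Run it over the output of sh log from the primary while it is active and again from the standby after failover. A burst confined to the inside interface, with nearly every source in 169.254.0.0/16, the source changing on almost every packet and one broadcast destination, is the profile of a single inside host emitting the packets rather than of many misconfigured hosts; the deny rate per second is the number to set beside the CPU figure the reply above asks for.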