Re: Events 106011 and 106015 help

Peter010101 · ‎12-06-2003

I have two PIX to syslog logs that I looked thorough, But this time I used firewallanalyzer to do a report based on syslog data. Here is what I found:

12/4 12:33pm -2:18pm:

106011 No routing to arrival interface. event count 124426 38.45%

302013 Built TCP connection event count 84424 26.09%

106015 Deny TCP no connection established. event count 67932 20.99%

305011 TCP UDP ICMP Address Translation slot created. event count 33707 10.42%

302015 Built UDP connection event count 10883 3.36%

106023 Deny IP packet by access-list. event count 1884 0.58%

305005 Translate group not found. event count 192 0.06%

110001 No route.event count 54 0.02%

609001 event count 33 0.01%

305009 Address Translation slot created. event count 24 0.01%

Patched all the 106011 PC with latest security patched from Microsoft and the error event went away. I didn't know what to make of the 106015 events because they were from different PC's.

Peter010101 · ‎12-06-2003

12/5 every 30 min starting at mindnight to 6 am:

106015 Deny TCP no connection established. event count 87481 75.67%

302013 Built TCP connection event count 11310 9.78%

302015 Built UDP connection event count 5048 4.37%

305011 TCP UDP ICMP Address Translation slot created. event count 3854 3.33%

305012 Teardown TCP UDP ICMP Address Translation slot. event count 3830 3.31%

106023 Deny IP packet by access-list. event count 3587 3.10%

305005 Translate group not found. event count 380 0.33%

110001 No route. event count 60 0.05%

302010 TCP connections in use. event count 21 0.02%

609002 Network state container for the host IP address connected to interface name is removed. event count 13 0.01%

A rdiculous amount of 106015 messages, 75% of my traffic, these come from about 10 different outside I