Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
3
Replies

Large ICMP unreachable packet

Go to solution
tonny_ecmyy
Level 1
Level 1

‎01-03-2005 05:55 PM - edited ‎03-09-2019 09:54 AM

Hi there,

My IDS in PIX receive Large ICMP Unreachable Packet,But Logging In terminal monitor shows nothing about IDS although it is already set to debugging mode. Tear down tcp connection 252 for outside xxx.xxx.xxx.xxx to inside xxx.xxx.xxx.xxx 2906 tcp fins, what thats mean? what is happening in this scenario...

Thanks For helping beginner

Tonny

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
nkhawaja
Cisco Employee
Cisco Employee

‎01-03-2005 09:39 PM

hi,

Tear down message seems normal. It is a normal TCP termination message. About the IDS logging, could you setup a syslog server and send all messages to it. May be it will log the IDS messages.

BTW is IDS active?

Thanks

Nadeem

View solution in original post

0 Helpful

Go to solution
nkhawaja
Cisco Employee
Cisco Employee
In response to tonny_ecmyy

‎01-04-2005 09:21 AM

Hi,

This link is helpful.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/syslog/pixemint.htm

i think KIWI SYSLOG's default configuration should be fine

thanks

Nadeem

View solution in original post

0 Helpful
3 Replies 3

Go to solution
nkhawaja
Cisco Employee
Cisco Employee

‎01-03-2005 09:39 PM

hi,

Tear down message seems normal. It is a normal TCP termination message. About the IDS logging, could you setup a syslog server and send all messages to it. May be it will log the IDS messages.

BTW is IDS active?

Thanks

Nadeem

0 Helpful

Go to solution
tonny_ecmyy
Level 1
Level 1
In response to nkhawaja

‎01-03-2005 10:52 PM

Hi Nadeem,

yes, the IDS is active, i'm using telnet to view the syslog, actually i want to use kiwi syslog, but i have no idea how to configure it...if u don't mind, could you give an example how to configure pix to send syslog to Kiwi syslog and how to configure that kiwi...

Thank you very much

Tonny

0 Helpful

Go to solution
nkhawaja
Cisco Employee
Cisco Employee
In response to tonny_ecmyy

‎01-04-2005 09:21 AM

Hi,

This link is helpful.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/syslog/pixemint.htm

i think KIWI SYSLOG's default configuration should be fine

thanks

Nadeem

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents