Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
426
Views
0
Helpful
1
Replies

Netmeting through VPN-PIX6.2

mcaissie
Level 1
Level 1

‎05-17-2002 09:59 AM - edited ‎03-08-2019 10:40 PM

Hi,

i am running a vpn ( IPSEC - DES ) between two PIX 515 - 6.2 ( 1 ) , and i

run a Microsoft Netmeeting session between two PCs through the tunnel.

Everything seems to work fine , the chat , the video , the sound (even though there is some lag in the video but i suppose that it is caused by

the encryption ,the two PIX outside interface are on the same subnet) , but i get this ciritical log message about every 15 sec.

"Facility: LOCAL4 Priority: CRITICAL

Message: %PIX-2-106012: Deny IP from x.x.125.191 to y.y.0.131, IP options: "0x14""

Cisco documentation says;

%PIX-2-106012: Deny IP from IP_addr to IP_addr, IP options hex.

Explanation This is a connection-related message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.

Action A security breach was probably attempted. Check the local site for loose source or strict source routing.

What can i do to get rid of this error ? Is it a bug of 6.2 or do i have some configuration optimisation to do ?

I run

fixup protocol h323 ras 1718-1719

fixup protocol h323 h225 1720

thanks

Michel Caissie

Labels:
0 Helpful
1 Reply 1

murabi
Level 4
Level 4

‎05-24-2002 05:56 AM

It’s probably just a packet being sent with the IP options field set. Since the packet is discarded, I suspect your application (netmeeting) resends the packet without the option bit set. Probably nothing to worry about if you’re not having problems.

0 Helpful
Customers Also Viewed These Support Documents