08-14-2001 07:37 AM - edited 03-08-2019 08:36 PM
I upgraded a PIX 515 from 5.1(4) to 6.0(1) and now I am seeing some strange syslog messages at the rate of about 200/hour. The message is as follows:
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:216.52.4.52 (Unresolved) /80 dst outside:X.X.X.250 (test.mycompany.com) /7943
The test.mycompany.com host is my NAT address for inside. I am guessing that the xlate is timing out, but I never used to get this message before I upgraded to PIX 6.0, and the xlate timeout is the same on the old version and the new version. Anyone have any ideas on why this message is bombing my syslog server?
08-17-2001 06:43 AM
If the log entry is similar to "PIX-3-106011: Deny inbound (No xlate) tcp src outside:x.x.x.x/2657 dst outside:y.y.y.y/80", you are dropping "CodeRed" packets.
Cisco advisory.
http://www.cisco.com/tac/newsflash/codered_secadvisory_08162001.html
10-31-2001 07:19 PM
Just wondering, what if the message is the other way round?
PIX-3-106011: Deny inbound (No xlate) tcp src outside:x.x.x.x/80 dst outside:y.y.y.y/2374
or when the port numbers are not 80 but others?
Any idea on that?
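Added example, not part of any post in this thread: a Python script that parses 106011 lines in both forms quoted above and counts them by whether port 80 is the destination (the form the 08-17-2001 reply attributes to CodeRed) or the source (the form asked about on 10-31-2001). The bucket names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches both forms of message 106011 quoted in the thread: with and
# without the "(hostname)" field and the space before "/port".
LINE_RE = re.compile(
    r"PIX-3-106011: Deny inbound \(No xlate\) (?P<proto>\w+) "
    r"src (?P<sif>\w+):(?P<src>\S+?)(?: \([^)]*\))? ?/(?P<sport>\d+) "
    r"dst (?P<dif>\w+):(?P<dst>\S+?)(?: \([^)]*\))? ?/(?P<dport>\d+)"
)

def bucket(sport, dport):
    """Bucket names are this example's own labels, not Cisco terminology."""
    if dport == 80:
        return "to_port_80"      # form the 08-17-2001 reply ties to CodeRed
    if sport == 80:
        return "from_port_80"    # form asked about on 10-31-2001
    return "other_ports"

def summarize(lines):
    """Return ({bucket: count}, {bucket: Counter of source addresses})."""
    counts, sources = Counter(), defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a 106011 message
        b = bucket(int(m["sport"]), int(m["dport"]))
        counts[b] += 1
        sources[b][m["src"]] += 1
    return counts, sources

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "%PIX-3-106011: Deny inbound (No xlate) tcp src outside:192.0.2.10/2657 dst outside:203.0.113.250/80",
    "%PIX-3-106011: Deny inbound (No xlate) tcp src outside:192.0.2.10/2660 dst outside:203.0.113.251/80",
    "%PIX-3-106011: Deny inbound (No xlate) tcp src outside:198.51.100.52 (Unresolved) /80 dst outside:203.0.113.250 (test.example.com) /7943",
    "%PIX-3-106011: Deny inbound (No xlate) tcp src outside:198.51.100.7/25 dst outside:203.0.113.250/3301",
    "constructed unrelated syslog line that the parser skips",
]

if __name__ == "__main__":
    counts, sources = summarize(SAMPLE)
    for name, n in counts.most_common():
        print(f"{name:13} {n:4}  top sources: {sources[name].most_common(3)}")
```

Grouping by source address within each bucket shows whether the denies come from a few repeat senders or from many distinct hosts.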