Re: PPTP hangs

misha_shch · ‎02-03-2004

Hi,

I have a problem with PPTP on PIX515 with software 6.3.3 It is connected to Internet. The problem is that in some moment no PPTP sessions can be established. At this moment the following wtring is logged

Feb 02 2004 08:33:10: %PIX-7-710005:

TCP request discarded from internet_ip_addr/3053 to outside:outside_intf_addr/pptp

It happens without any regular period.

The problem can be solved by issuing commands

no vpdn enable outside, vpdn enable outside.

I don't think that it is an atack as the number of connections is not more then usually.

I found an old bug CSCds21095 that seems to be the same, but it is already resolved in 6.1.3

Is it possible that it reappeared?

Also there was a question in this forum but with no answer:

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&type=bookmarks&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.ee988ee

umedryk · ‎02-09-2004

This message appears when the firewall does not have a UDP server that services the UDP request. The message can also indicate a TCP packet that does not belong to any session on the firewall. In addition, this message appears (with the service snmp) when the firewall receives an SNMP request with an empty payload, even if it is from an authorized host. When the service is snmp, this message occurs a mximum of 1 time every 10 seconds so that the log receiver is not overwhelmed. Action In networks that heavily utilize broadcasting services such as DHCP, RIP or NetBios, the frequency of this message can be high. If this message appears in excessive number, it may indicate an attack.

misha_shch · ‎02-09-2004

Of course I've already seen this description of the message. But the problem is that it is shown for legitimate connections and no connections can be established.

shawn · ‎03-23-2005

I'm having the same problem. Did you ever find a fix?