RE: PIX Question/Help?

From: Brian T. Albert (brian.albert@worldnet.att.net)
Date: Mon Dec 23 2002 - 19:25:24 GMT-3


Use the default of UDP to communicate to your syslog server, and when it's
down your Pix will still function.

Brian

-----Original Message-----
From: Alfred Chin [mailto:chinalfr@attbi.com]
Sent: Monday, December 23, 2002 2:05 PM
To: Brian T. Albert
Cc: CCIESecurity GroupStudy; Ccielab (E-mail)
Subject: Re: PIX Question/Help?

Brian,

I did have a syslog server set up on the PIX. Once I removed the syslog
settings, the PIX started to do NAT again.

Why can the syslog function on the PIX affect NAT/PAT? Is this a bug?

It's working as of now. But I still wish to set up the syslog function. Any
recommendations?

Thanks for the help.

Alfred Chin

----- Original Message -----
From: "Brian T. Albert" <brian.albert@worldnet.att.net>
To: "Sabertech Cisco Training" <haskins@sabertech.net>; "Alfred Chin"
<chinalfr@attbi.com>; <security@groupstudy.com>
Sent: Monday, December 23, 2002 1:49 PM
Subject: RE: PIX Question/Help?

> Alfred,
>
> I have seen this error if you have a syslog server set up in your config
> using TCP instead of UDP to communicate with it, and you lose connectivity
> to the syslog server. Such as with:
>
> logging on
> logging host (inside) 192.168.0.100 tcp/1468
>
> HTH
>
> Brian T. Albert
> CCIE #9682
> brian.albert@worldnet.att.net
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Sabertech Cisco Training
> Sent: Monday, December 23, 2002 10:49 AM
> To: Alfred Chin; security@groupstudy.com
> Subject: RE: PIX Question/Help?
>
>
> Can you supply the entire config?
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Alfred Chin
> Sent: Monday, December 23, 2002 8:25 AM
> To: security@groupstudy.com
> Subject: PIX Question/Help?
>
>
> I ran into a weird problem while setting up a new PIX. I hope
> someone might have some idea what is wrong with my settings or just the
> hardware.
>
> Basically, I am trying to use NAT from my inside interface to my outside
> interface. Here is a sample config.
>
> ip address outside 216.3.99.2 255.255.255.128
> ip address inside 192.168.0.1 255.255.255.0
> global (outside) 1 216.3.99.3 netmask 255.255.255.128
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> route outside 0.0.0.0 0.0.0.0 216.3.99.1 1
>
> Here is the problem: the PIX can't perform any NAT/PAT function. Traffic is
> not being NAT/PAT'd from inside to outside. I turned on debugging on the PIX.
> Here is a log from the debugging.
>
> 111008: User 'enable_15' executed the 'clear logging' command.
> 111009: User 'enable_15' executed cmd: show logging
> 609001: Built local-host inside:192.168.0.226
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2265 dst outside:64.58.76.178/80
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2265 dst outside:64.58.76.178/80
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2265 dst outside:64.58.76.178/80
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2266 dst outside:64.58.76.222/80
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2266 dst outside:64.58.76.222/80
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2266 dst outside:64.58.76.222/80
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2267 dst outside:64.58.76.224/80
> 201008: The PIX is disallowing new connections.
> 305006: portmap translation creation failed for tcp src
> inside:192.168.0.226/2267 dst outside:64.58.76.224/80
> 201008: The PIX is disallowing new connections.
>
> This is a PIX 515UR running PIX ver 6.2.2.
>
> Thanks in advance.
>
> Merry Christmas & Happy New Year to all
>
>
> Alfred Chin
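
An added example, not part of any message in this thread: a short Python check that correlates the 201008 "disallowing new connections" messages with a TCP `logging host` entry in the configuration, which is the cause reported in the replies above. The function names are hypothetical, the sample input is copied from the thread, and the parser rejoins the log messages that mail wrapping split across two lines.

```python
import re

# Constructed sample input: config and log lines copied from the thread above.
SAMPLE_CONFIG = """\
logging on
logging host (inside) 192.168.0.100 tcp/1468
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""
SAMPLE_LOG = """\
609001: Built local-host inside:192.168.0.226
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2265 dst outside:64.58.76.178/80
201008: The PIX is disallowing new connections.
305006: portmap translation creation failed for tcp src
inside:192.168.0.226/2266 dst outside:64.58.76.222/80
"""

# 'logging host' with an optional protocol/port suffix; none means the UDP default.
LOGGING_HOST = re.compile(
    r"^logging host \(?([\w-]+)\)? (\S+)(?: (tcp|udp)/(\d+))?[ \t]*$", re.M)
MSG_START = re.compile(r"^(\d{6}): (.*)$")
SRC = re.compile(r"\bsrc (\S+?)/\d+")

def tcp_syslog_hosts(config):
    """Return (interface, ip, port) for each 'logging host' entry that uses TCP."""
    return [(m[1], m[2], int(m[4]))
            for m in LOGGING_HOST.finditer(config) if m[3] == "tcp"]

def parse_messages(log):
    """Return (msg_id, text) pairs, rejoining messages the mailer wrapped."""
    msgs = []
    for line in (l.strip() for l in log.splitlines()):
        m = MSG_START.match(line)
        if m:
            msgs.append([m[1], m[2]])
        elif msgs and line:
            msgs[-1][1] += " " + line   # continuation of the previous message
    return [tuple(m) for m in msgs]

def diagnose(config, log):
    """Correlate 201008 (new connections refused) with TCP syslog in the config."""
    msgs = parse_messages(log)
    blocked = sum(1 for mid, _ in msgs if mid == "201008")
    sources = sorted({s[1] for mid, t in msgs
                      if mid == "305006" and (s := SRC.search(t))})
    hosts = tcp_syslog_hosts(config)
    return {"tcp_syslog_hosts": hosts, "blocked_events": blocked,
            "failed_xlate_sources": sources, "likely_cause": bool(hosts and blocked)}
```

Calling `diagnose(SAMPLE_CONFIG, SAMPLE_LOG)` flags the TCP syslog host; with the `tcp/1468` suffix removed (the UDP default recommended in the top reply), `likely_cause` is false.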