Cisco Bug: CSCsg35215 - Syslog server down causes ICMP flood if ICMP is denied at interface
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: If the syslog daemon or process on a host is shut down, but the ASA or PIX keeps sending syslog messages, each syslog message triggers an ICMP unreachable message that is sent back to the firewall. If ICMPs are denied at the interface, this causes a flood of ICMP Unreachable messages since each denied ICMP message in turn causes a syslog message to be sent. Conditions: PIX or ASA fireall running software version in the 7.0 code train.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases