Preview Tool

Cisco Bug: CSCsg35215 - Syslog server down causes ICMP flood if ICMP is denied at interface

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)


If the syslog daemon or process on a host is shut down, but the ASA or PIX
keeps sending syslog messages, each syslog message triggers an ICMP
unreachable message that is sent back to the firewall.  If ICMPs are
denied at the interface, this causes a flood of ICMP Unreachable messages
since each denied ICMP message in turn causes a syslog message to be sent.


PIX or ASA fireall running software version in the 7.0 code train.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.