[c-nsp] FWSM logging problem
Tony Varriale
tvarriale at comcast.net
Wed Dec 16 14:14:55 EST 2009
----- Original Message -----
From: "Andrew Yourtchenko" <ayourtch at cisco.com>
To: "Tony Varriale" <tvarriale at comcast.net>
Cc: <cisco-nsp at puck.nether.net>
Sent: Wednesday, December 16, 2009 12:54 PM
Subject: Re: [c-nsp] FWSM logging problem
> That's indeed the proper thing to do. And please, after making sure - also
> let the case owner know, that it did fix the problem - it's a step
> sometimes overseen :-)
Yup sure is. :(
> shoot me the case#s unicast, if you still have them. The one I found in a
> quick search did mention the bug ids along with the pretty detailed
> explanations for each, but maybe there were some others where there was
> less info, that I could not find...
I haven't fielded one of these in a little while. Last one was earlier this
year. I'll have to look.
> http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml ?
>
> There could be some other scenarios where by tweaking the object group one
> gets the ACL exploded so much that it does not fit into the network
> processors anymore - then the previously compiled version is being used -
> but generally you get a pretty prominent warning about that.
Nope...NP was fine. How we found it was the ACE not getting hits. So, we
then added an ACE next below the one that was getting passed over and it
would get hit. Obviously this actually added to the size :)
> thanks,
> andrew
No problem. :)
tv
More information about the cisco-nsp
mailing list