----- Original Message -----
From: "Andrew Yourtchenko" <ayour...@cisco.com>
To: "Tony Varriale" <tvarri...@comcast.net>
Cc: <cisco-nsp@puck.nether.net>
Sent: Wednesday, December 16, 2009 12:54 PM
Subject: Re: [c-nsp] FWSM logging problem
That's indeed the proper thing to do. And please, after making sure - also
let the case owner know, that it did fix the problem - it's a step
sometimes overseen :-)
Yup sure is. :(
shoot me the case#s unicast, if you still have them. The one I found in a
quick search did mention the bug ids along with the pretty detailed
explanations for each, but maybe there were some others where there was
less info, that I could not find...
I haven't fielded one of these in a little while. Last one was earlier this
year. I'll have to look.
http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml ?
There could be some other scenarios where by tweaking the object group one
gets the ACL exploded so much that it does not fit into the network
processors anymore - then the previously compiled version is being used -
but generally you get a pretty prominent warning about that.
Nope...NP was fine. How we found it was the ACE not getting hits. So, we
then added an ACE next below the one that was getting passed over and it
would get hit. Obviously this actually added to the size :)
thanks,
andrew
No problem. :)
tv
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/