02-10-2004 08:43 AM - edited 02-20-2020 11:14 PM
Hello!
I noticed that PIX can't use RIPv2 routing updates which have tagged routes (tag different than zero). For such routing updates I got this error message:
107002: RIP pkt failed from 10.1.20.1: version=2 on interface outside
Is this a feature or a bug?
02-10-2004 09:16 AM
Hi,
Might be of interest....
Error Message 107002
%PIX-1-107002: RIP pkt failed from IP_address: version=number on interface interface_name
Explanation
This is an alert message. This could be a router bug, a packet with non-RFC values inside, or a malformed entry. This should not happen, and may be an attempt to exploit the PIX Firewall unit's routing table.
Recommended Action
This may be an attack and should be monitored. The packet has passed authentication, if enabled, and bad data is in the packet. The situation should be monitored and the keys should be changed if there are any doubts as to the originator of the packet.
Regards, Jay.
02-10-2004 10:02 AM
It is the first thing that I looked for.
I played a little bit with different tags (numbers) and I got the same message, but when I removed the tags from the updates, the PIX started to receive them.
Regards,
Maja
02-10-2004 10:23 AM
Hi,
You are right on the money. The PIX does not install RIP v2 routes with tags set. This is by design but is probably something we could change relatively easily (the FWSM currently accepts these routes). My guess is that no one has ever asked before. If this is something you would like to see added, contact your local Cisco account team and see about getting a feature enhancement raised for this. Sorry for the news but I hope this helps answer your question.
Scott
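One way to check a captured update for the condition discussed in this thread, as an added example that is not part of the original posts: it parses a RIP UDP payload using the RFC 2453 entry layout and lists the routes whose route tag is non-zero. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# RFC 2453 route entry: AFI, route tag, address, subnet mask, next hop, metric
ENTRY = struct.Struct("!HH4s4s4sI")
HEADER = struct.Struct("!BBH")  # command, version, must-be-zero

def parse_rip(payload):
    """Parse a RIP UDP payload into (version, [route dicts])."""
    if len(payload) < HEADER.size or (len(payload) - HEADER.size) % ENTRY.size:
        raise ValueError("truncated or misaligned RIP packet")
    _command, version, _zero = HEADER.unpack_from(payload)
    routes = []
    for off in range(HEADER.size, len(payload), ENTRY.size):
        afi, tag, addr, mask, _nhop, metric = ENTRY.unpack_from(payload, off)
        if afi == 0xFFFF:  # authentication entry, carries no route
            continue
        net = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}",
            strict=False)
        routes.append({"prefix": str(net), "tag": tag, "metric": metric})
    return version, routes

def tagged_routes(payload):
    """Return (prefix, tag) for every RIPv2 route whose tag is non-zero."""
    version, routes = parse_rip(payload)
    if version != 2:
        return []  # RIPv1 has no route tag field
    return [(r["prefix"], r["tag"]) for r in routes if r["tag"] != 0]

def _entry(prefix, tag, metric):
    """Build one 20-byte route entry (helper for the constructed sample)."""
    net = ipaddress.ip_network(prefix)
    return ENTRY.pack(2, tag, net.network_address.packed,
                      net.netmask.packed, bytes(4), metric)

# Constructed sample: a version 2 response with one untagged and one tagged route
SAMPLE = (HEADER.pack(2, 2, 0)
          + _entry("10.2.0.0/16", 0, 1)
          + _entry("10.3.0.0/16", 100, 2))

if __name__ == "__main__":
    for prefix, tag in tagged_routes(SAMPLE):
        print(f"{prefix} carries route tag {tag}")
```
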
02-10-2004 11:41 PM
Hello!
Thank you for this information, it helped very much. I'll try to resolve this problem with a different approach.
Best regards,
Maja