PIX & RIPv2 tagged routes

m.mojas
Level 1

Hello!

I noticed that PIX can't use RIPv2 routing updates which have tagged routes (tag different than zero). For such routing updates I got this error message:

107002: RIP pkt failed from 10.1.20.1: version=2 on interface outside

Is this a feature or a bug?

Accepted Solutions

Hi,

You are right on the money. The PIX does not install RIP v2 routes with tags set. This is by design but is probably something we could change relatively easily (the FWSM currently accepts these routes). My guess is that no one has ever asked before. If this is something you would like to see added, contact your local Cisco account team and see about getting a feature enhancement raised for this. Sorry for the news but I hope this helps answer your question.

Scott


4 Replies

jmia
Level 7

Hi,

Might be of interest....

Error Message 107002

%PIX-1-107002: RIP pkt failed from IP_address: version=number on interface interface_name

Explanation

This is an alert message. This could be a router bug, a packet with non-RFC values inside, or a malformed entry. This should not happen, and may be an attempt to exploit the PIX Firewall unit's routing table.

Recommended Action

This may be an attack and should be monitored. The packet has passed authentication, if enabled, and bad data is in the packet. The situation should be monitored and the keys should be changed if there are any doubts as to the originator of the packet.

Regards, Jay.

It is the first thing that I looked for.

I played a little bit with different tags (numbers) and I got the same message, but when I removed the tags from the updates, the PIX started to receive them.

Regards,

Maja

Hello!

Thank you for this information, it helped very much. I'll try to resolve this problem with a different approach.

Best regards,

Maja
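
To see which routes in an update carry a non-zero tag, and so separate the behaviour described in this thread from a genuinely malformed packet behind a 107002 alert, the RIPv2 entries can be decoded from a captured UDP payload. This is an added example, not code from the thread or from Cisco; it follows the RFC 2453 entry layout, and the sample update and its addresses are constructed.

```python
import struct
from ipaddress import IPv4Address

RIP_RESPONSE = 2      # command value for a routing update (RFC 2453)
AFI_AUTH = 0xFFFF     # entry carries authentication data, not a route
# One 20-byte entry: AFI, route tag, address, mask, next hop, metric
ENTRY = struct.Struct("!HHIIII")


def parse_rip2_routes(payload):
    """Return the route entries of one RIPv2 response (UDP payload bytes)."""
    if len(payload) < 4 or (len(payload) - 4) % ENTRY.size:
        raise ValueError("truncated or misaligned RIP message")
    command, version = payload[0], payload[1]
    if command != RIP_RESPONSE or version != 2:
        raise ValueError("not a RIPv2 response")
    routes = []
    for off in range(4, len(payload), ENTRY.size):
        afi, tag, addr, mask, _nhop, metric = ENTRY.unpack_from(payload, off)
        if afi == AFI_AUTH:
            continue  # skip the authentication entry, it is not a route
        prefix = f"{IPv4Address(addr)}/{bin(mask).count('1')}"
        routes.append({"prefix": prefix, "tag": tag, "metric": metric})
    return routes


def tagged_routes(payload):
    """Routes whose tag field is non-zero, as in the updates discussed here."""
    return [r for r in parse_rip2_routes(payload) if r["tag"] != 0]


def build_sample():
    """Constructed update: one untagged route and one route with tag 100."""
    def entry(net, mask, tag, metric):
        return ENTRY.pack(2, tag, int(IPv4Address(net)),
                          int(IPv4Address(mask)), 0, metric)
    header = struct.pack("!BBH", RIP_RESPONSE, 2, 0)
    return (header
            + entry("192.0.2.0", "255.255.255.0", 0, 1)
            + entry("198.51.100.0", "255.255.255.0", 100, 2))


SAMPLE = build_sample()

if __name__ == "__main__":
    for route in tagged_routes(SAMPLE):
        print(f"{route['prefix']} tag={route['tag']} metric={route['metric']}")
```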