Hello everyone,
We've been using our Pix 501 for a bit over a year now, but just recently aquired any sort of log analysis software to be able to break down the logs. In doing so, this error seemed particularly strange:
7-710005 UDP request discarded from 192.168.1.7/nnnn to inside:255.255.255.255/nnnn192.168.1.7 is an active directory server inside out network with a static map to a public IP of .7, we're getting around 85,000 of these messages in the logs per day! It seems to be a ton of UDP requests going to port 20,000 and broadcasting to 255.255.255.255 and getting 'no service' responses/errors (but wouldn't the broadcast address be
192.168.1.255?). Port 20,000 seems to be DNP (Distributed Network Protocol).I've done the usual administrative checks on the server for unnecessary services/spyware/viruses/trojans and it looks to be clean, so I'm lost for an answer at this point.
Here's the general config of the NAT on the pix:
global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 192.168.1.0 255.255.255.0 0 0 static (inside,outside) 198.xxx.xxx.7 192.168.1.7 netmask
255.255.255.255 0 0Any help would be greatly appreciated!
Michael Cox