Security Basics mailing list archives

Cisco Pix UDP Built


From: Amodiovalerio Verde <amodiovalerio.verde () ags-it com>
Date: 18 Jun 2003 13:14:49 -0000



Hi all,

I'm writing a tool to manage and analyze the logs coming from Cisco Pix 
and module FWSM.

All the logs are sent to a syslog server to collect and analyze them in 
real time.

I have a problem with a PIX message whose behaviour I couldn't understand.

The message is the %PIX|FWSM-6-302005 and it is related to a Build 
connection. The format is:

Built UDP connection for faddr 1.1.1.1/1 gaddr 2.2.2.2/2 laddr 3.3.3.3/3

The problem is that I cannot be sure of the direction of the connection, 
i.e. I don't know if it was the faddr opening a connection to laddr, or 
vice versa.

Cisco Pix seems just to ignore the direction of the connection (that in 
the TCP Build is specified as inbound or outbound).

Can anybody give me some clue about this behaviour? Is it a PIX 'limit'?

Thanks in advance

Amodiovalerio Verde
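
An added example, not part of the original post: a parser for the "Built" line quoted above that keeps the direction when the log states it and otherwise records it as guessed or unknown instead of assuming one. The placement of the inbound/outbound keyword and connection number in TCP lines, the reading of faddr as the outside host, the port-below-1024 heuristic, and the sample addresses are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Matches the "Built ... connection" text quoted in the post. The optional
# inbound/outbound keyword and connection number are assumed TCP extras.
BUILT_RE = re.compile(
    r"Built (?:(?P<dir>inbound|outbound) )?(?P<proto>TCP|UDP) connection "
    r"(?:\d+ )?for faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
)

class Built(NamedTuple):
    proto: str
    faddr: str
    fport: int
    gaddr: str
    gport: int
    laddr: str
    lport: int
    direction: str  # "inbound", "outbound" or "unknown"
    source: str     # "log", "port-heuristic" or "none"

def parse_built(line: str) -> Optional[Built]:
    """Parse one Built line; return None if the line is not a Built message."""
    m = BUILT_RE.search(line)
    if m is None:
        return None
    fport, lport = int(m["fport"]), int(m["lport"])
    direction, source = m["dir"], "log"
    if direction is None:
        # Assumed heuristic: the side on a port below 1024 is the responder,
        # so the other side opened the flow. Ambiguous cases stay "unknown".
        f_srv, l_srv = fport < 1024, lport < 1024
        if f_srv and not l_srv:
            direction, source = "outbound", "port-heuristic"
        elif l_srv and not f_srv:
            direction, source = "inbound", "port-heuristic"
        else:
            direction, source = "unknown", "none"
    return Built(m["proto"], m["faddr"], fport, m["gaddr"], int(m["gport"]),
                 m["laddr"], lport, direction, source)

# Constructed sample lines; the first uses the exact text quoted in the post.
SAMPLES = [
    "%PIX-6-302005: Built UDP connection for faddr 1.1.1.1/1 gaddr 2.2.2.2/2 laddr 3.3.3.3/3",
    "%PIX-6-302005: Built UDP connection for faddr 192.0.2.53/53 gaddr 198.51.100.7/1029 laddr 10.0.0.7/1029",
    "Built inbound TCP connection 42 for faddr 192.0.2.9/3312 gaddr 198.51.100.80/80 laddr 10.0.0.80/80",
]
```

Keeping `source` alongside `direction` lets a report separate directions the firewall logged from ones the tool inferred.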
