[fw-wiz] problem with pix515/pixos 6.3 running and xlate tables

Hi,
I've got a problem with a pix 515E running 6.3(5) PIXos
It appears that every now and again, one of their computers on the
inside interface will lose connectivity (for no apparent reason--nothing
at log level "INFO" or above to indicate a problem) to the outside
world. I tried many things (maybe there was some bizarre entry in an ACL
I was missing, maybe one IP address was blackholed somewhere, I couldn't
Finally, this morning, I did a
> clear xlate
and the problem vanished.
Now, manual intervention for a sporadic problem isn't a really good
thing. Is there some known issue with this train of PIXOS that causes
one translated IP (out of a group of 14-16, the others of which are OK)
to be blackholed? Some internal table overflow?
(Breaking news flash: I also just found out that the clock on the PIX
was WAAAAY off -- must never have been set or just lost its way and
there was never any NTP configuration in the box, so I have it syncing
now off of pool.ntp.org...and the time is correct now.)
Possibly pertinent info:
> xxxxpix1# show ver
> Cisco PIX Firewall Version 6.3(5)
> Cisco PIX Device Manager Version 3.0(0)141
> Compiled on Thu 04-Aug-05 21:40 by morlee
> xxxxpix1 up 9 days 15 hours
> Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
> Flash E28F128J3 @ 0x300, 16MB
> BIOS Flash AM29F400B @ 0xfffd8000, 32KB
> Encryption hardware device : VAC (IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.
> 0: ethernet0: address is 000c.3053.xxxx, irq 10
> 1: ethernet1: address is 000c.3053.xxxx, irq 11
> 2: ethernet2: address is 00e0.b606.xxxx, irq 11
> 3: ethernet3: address is 00e0.b606.xxxx, irq 10
> 4: ethernet4: address is 00e0.b606.xxxx, irq 9
> 5: ethernet5: address is 00e0.b606.xxxx, irq 5
> Licensed Features:
> Failover: Enabled
> VPN-DES: Enabled
> VPN-3DES-AES: Enabled
> Maximum Physical Interfaces: 6
> Maximum Interfaces: 10
> Cut-through Proxy: Enabled
> Guards: Enabled
> URL-filtering: Enabled
> Inside Hosts: Unlimited
> Throughput: Unlimited
> IKE peers: Unlimited
> This PIX has an Unrestricted (UR) license.
> Serial Number: 8xxxxxxx9 (0x3xxxxxx7)
> Running Activation Key: 0x3dexxxxx 0x44xxxxxx 0x8xxxxxxx 0xxxxxxxxx
Thanks in advance for any help! I'll summarize to the list, if there are
sufficient responses to do so.
jerry b. altzman email@example.com www.jbaltz.com
thank you for contributing to the heat death of the universe.