Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
0
Helpful
7
Replies

Dropped packet between PIX

yann.boulet
Level 1
Level 1

‎10-18-2007 11:48 PM - edited ‎03-11-2019 04:27 AM

hello,

i have some dropped packets between 2 PIX first one is PIX 525 V7 and second one is PIX 520 V6.3, there is a cisco catalyst to connect them and i can see dropped packets only on the PIX 525, how can i troubleshoot it ?

The problem is when i access to an https application behind the PIX 520 and to PDM on it, i can't display some pages and on PDM i have some time PDM was unable to contact the PIX, but for the SSH connection i have no issue.

Thank you

Labels:
0 Helpful
7 Replies 7

rsrivast
Level 1
Level 1

‎10-19-2007 12:20 AM

hello

thanks for the question. I have posted the question to internal PIX team and will let you know when I hear an answer. I suggest to check http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/

for more details, since this is mainly IOS security discussion.

thanks

0 Helpful

yann.boulet
Level 1
Level 1
In response to rsrivast

‎10-19-2007 12:27 AM

thank you, i will try to check the link you suggest me

0 Helpful

yann.boulet
Level 1
Level 1
In response to yann.boulet

‎10-24-2007 07:04 AM

hi,

there is no news since my post ?

thx

0 Helpful

m
Level 1
Level 1
In response to yann.boulet

‎10-30-2007 08:37 AM

try to use the norandomseq keyword on your 6.3 PIX with the

"static (inside,outside) netmask norandomseq"

command to try to solve this problem and to stop the PIX from offsetting the TCP sequence number. this might help if "both" devices scramble tcp sequence numbers.

0 Helpful

p-allen
Level 1
Level 1
In response to m

‎11-03-2007 07:25 AM

sounds like a simalar issue we are having. We use a ASA firewall that connects to our isp which also uses a firewall and are seeing alot of out of order packets. We are mainly seeing the issue with one website that sometimes everything is fine and other times we get alot of page can not be displayed. The site is saying that no one else is having an issue but us. The ISP is saying that they also see alot of out of order packets for our connections to the internet. I am wondering if this could be our issue also.

0 Helpful

excession
Level 1
Level 1

‎11-03-2007 11:06 AM

Hi Yann,

Could you describe your topology a little more? From what I understand you have the following.

PDM-----PIX525---CAT---PIX520

Does this issue only happen appear for https?

Is this a new setup or were there changes made recently?

How can you see the dropped packets?

In order to troubleshoot this issue I suggest you get captues on the PIX525 and see what exactly is being dropped. See the following link for details on the capture command

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html#wp1950270

Note you can capture based on "type asp-drop".

You could try to run a "show asp drop" before you experience the problem, the run it again after trying to display the pages you are having problems with and see what counter is increasing.

Have you Syslog? What level are logs enabled at? Maybe you could also check these logs to identify what is being dropped.Check the logs before and after a session.

0 Helpful

sachin.verma
Level 1
Level 1

‎11-05-2007 08:25 PM

Hi yann,

It looks like mtu size issue to me.Kindly check the mtu size defined on the outside and inside interfaces on pix 525 and pix 520 connecting each other on switch.

regards

Sachin Verma

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card