Pix 501 connection problem

Unanswered Question
Aug 22nd, 2008

I have setup two pix 501 running OS version 6.3(5) with a 10 user license between two offices conencted via DSL. Traffic flows both ways as intended. However, occasionaly I have a problem where I cannot remote onto any machine at the remote office from my main office using various methods (remote desktop, vnc, pcanywhere, etc) or access network shares. I can ping these machines and I do receive replies. Why would icmp work and not anything else? The only way I have found to restore the connection is to reboot (reload) the pix at my main office. As soon as it comes back up the connections work. Could this be a licensing issue as I have only 10 licenses. When I do sh conn from the console it shows 23 in use 43 most used on the pix at my office and 27 in use 71 most used at the remote office. Does this indicate that I am over the limit? Could this be my problem. I need to get this fixed asap as rebooting the pix kicks the remote users off for a few seconds. Are their any other commands I can use to figure out the problem? Any help would be greatly appreciated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

the show conn command - can show multiple connections from the same machine.

if you have a switch at the sites - see how many mac addresses are present, also if there are any unauthorised "hubs" attached.

At the end of the day - the licensing is for known ip addresses on the inside interface. do a show arp on the firewall to see how many ip's are actually known?

ccosper08 Fri, 08/22/2008 - 06:58

At the main office I count 1 outside ip address and 14 inside. At the remote office I count 1 outside and 10 inside. Does this mean I need to buy 50 license upgrade for both locations? Thanks again...

ccosper08 Fri, 08/22/2008 - 07:07

So would this be causing the icmp packets to flow but not any others? Also how do you upgrade the license?

Thanks again...

ccosper08 Fri, 08/22/2008 - 07:31

Yes I can purchase a license from my distributor but once I get it how to I install it on the pix. Thanks again...

ccosper08 Thu, 08/28/2008 - 11:45

Well I received my unlimited user license for the main PIX and the 50 user license for one of the remote offices. I added the activation key and everything went according to plan. I notice when I do a sh ver that it shows IKE peers is 10. Is this anything to be concerned about? When I do a sh crypto isakmp sa from the main pix at my office it shows the two remote offices (two lines with a unique ip) that I have connected and each ip has a column that says created 3. Does that mean that I have 6 in use?


This Discussion