Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
3
Replies

PIX 515E

Go to solution
slee
Level 1
Level 1

‎09-16-2008 04:55 PM - edited ‎03-11-2019 06:45 AM

We are currently using PIX 515E with OS 7.0. We have some problems with email traffic and suspect the firewall is doing some funny things, so we decided to upgrade to OS 7.2. We have a redundant firewall with the same model and same configuration without failover. Our failover is manual.

We do not know what may happen after upgrading to 7.2, so we upgraded the redundant firewall first. The upgrade is smooth and we have 7.2 loaded with 5.2 ASDM. However, after we have switch our main 10MB to the redundant firewall, no traffic neither coming in nor going out. We have fully shutdown and restart the 10MB modem before turning the redundant firewall on. A workstation can see the firewall but without getting out onto the internet. On the firewall, we are able to ping www.google.com on the outside interface but a workstation behind it is unable to.

After putting back the 10MB connection to the original firewall which has 7.0 OS, it work immediately.

We also have an redundant ADSL internet connection in the office, we have tried to put the ADSL connection on the firewall and reconfigure the IP address, we are able to access the internet at least.

Can someone please help and suggest what I should do next to get this resolved?

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
felixjai
Level 1
Level 1

‎09-17-2008 08:42 AM

It is probably because your cold-standby redundant PIX has a different MAC address on the outside interface.

When you put the redundant PIX to the 10mb pipe, the upstream ISP router still has the ARP MAC cached into its RAM for the original PIX. The ARP entries for the original PIX need to be cleared or timed out in order for the router to learn the new MAC from the redundant PIX. I'm not sure what type of 10mb Internet you have. But usually power cycle the upstream router or equipment after switching to the redundant PIX should do the trick. If not, call your ISP, and have them check the upstream ISP router. See if they match the MAC of your redundant PIX for the ARP entries.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
felixjai
Level 1
Level 1

‎09-17-2008 08:42 AM

It is probably because your cold-standby redundant PIX has a different MAC address on the outside interface.

When you put the redundant PIX to the 10mb pipe, the upstream ISP router still has the ARP MAC cached into its RAM for the original PIX. The ARP entries for the original PIX need to be cleared or timed out in order for the router to learn the new MAC from the redundant PIX. I'm not sure what type of 10mb Internet you have. But usually power cycle the upstream router or equipment after switching to the redundant PIX should do the trick. If not, call your ISP, and have them check the upstream ISP router. See if they match the MAC of your redundant PIX for the ARP entries.

0 Helpful

Go to solution
slee
Level 1
Level 1
In response to felixjai

‎09-17-2008 09:41 AM

Thanks for the reply. I just called the ISP and they said it has a 4hr timeout for the mtu. I will test it again and then let you know what the outcome is.

Thanks for your help once again.

0 Helpful

Go to solution
slee
Level 1
Level 1
In response to slee

‎09-18-2008 07:09 AM

It worked. Thanks for your help again.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card