Novice questions about PIX

Unanswered Question
Sep 20th, 2002

1) What command do I use to change the firewall's password?

2) What command do I use to clear ARP cache? We frequently experience problems with a random number of users not being able to get out to the Internet (they can see/ping the inside port of the firewall, but that's it). At the same time, other users are able to get out just fine. In the past, we've cycled the power on the PIX and the problem went away.

3) Does anyone know what might be causing problem 2?

Overall Rating: 5 (1 ratings)
steve.barlow Fri, 09/20/2002 - 11:15

1) passwd ...

enable password ...

2) clear arp

3) What version of the PIX? What load is the PIX under during this? Try show conn and sh xlate.


durandj Fri, 09/20/2002 - 13:11

Hi Steve. Thanks for the reply.

Our firewall is a 515E version 6.1(4)

Show conn returns: 76 in use, 522 most used

Show xlate returns: 189 in use, 189 most used

durandj Fri, 09/20/2002 - 13:34

Additionally, it seems to be specific IP addresses that get blocked. On the affected computer, if we change the IP address, the computer can access the Internet.

If I change my computer's IP to the one in question, I can no longer get out to the Internet.

Hope this helps.

steve.barlow Fri, 09/20/2002 - 15:37

What does your nat command look like? Do the IPs in question fall under that range?


durandj Fri, 09/20/2002 - 15:46

Sorry, what would the syntax be? Please be patient with me as I'm an extreme newbie.

Would it be "sh nat"?

steve.barlow Sat, 09/21/2002 - 16:11

Yes, it is show nat (also, show config will show everything and you can pick your way through looking for what you want if you ever can't remember the command). Show nat should have a range of IPs (that are allowed to be NATed) or 0 0 (allows all IPs).

Is the IP that doesn't work in that range?

Do you have a 501?

If you go over the number of users allowed then the subsequent users will not go out. Reloading the pix will solve this until you reach the user limit again. There are timers

Just a thought. If not, no worries.



gfullage said this in the "PIX 501-10 and PIX 501-50" question.

"sho local-host" and "clear local-host" are the commands you want to get familiar with. If a host has no connections associated with it then it shouldn't be included in the 10 hosts that your licence is limiting you to.

