09-20-2002 09:59 AM - edited 02-20-2020 10:15 PM
1) What command do I use to change the firewall's password?
2) What command do I use to clear ARP cache? We frequently experience problems with a random number of users not being able to get out to the Internet (they can see/ping the inside port of the firewall, but that's it). At the same time, other users are able to get out just fine. In the past, we've cycled the power on the PIX and the problem went away.
3) Does anyone know what might be causing problem 2?
09-20-2002 11:15 AM
1) passwd ...
enable password ...
2) clear arp
3) What version of the PIX? What load is the PIX under during this? Try show conn and sh xlate.
Steve
09-20-2002 01:11 PM
Hi Steve. Thanks for the reply.
Our firewall is a 515E version 6.1(4)
Show conn returns: 76 in use, 522 most used
Show xlate returns: 189 in use, 189 most used
09-20-2002 01:34 PM
Additionally, it seems to be specific IP addresses that get blocked. On the affected computer, if we change the IP address, the computer can access the Internet.
If I change my computer's IP to the one in question, I can no longer get out to the Internet.
Hope this helps.
09-20-2002 03:37 PM
What does your nat command look like? Do the IPs in question fall under that range?
Steve
09-20-2002 03:46 PM
Sorry, what would the syntax be? Please be patient with me as I'm an extreme newbie.
Would it be "sh nat"?
09-21-2002 04:11 PM
Yes it is show nat (also show config will show everything and you can pick your way through looking for what you want if you ever can't remember the command). Show nat should have a range of IPs (that is allowed to be NATed) or 0 0 (allows all IPs).
Is the IP that doesn't work in that range?
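The range check asked about in the post above, as an added example that is not part of the thread: it parses `nat` lines in the form `nat (if_name) nat_id local_ip netmask ...`, treats a bare `0 0` as all addresses, and reports which rules cover a given host. The sample output and the host addresses are constructed for illustration; paste your own `show nat` lines in their place.

```python
import ipaddress
import re

# Constructed sample of `show nat` output (not taken from the thread).
# The first rule's mask is narrower than a /24, so part of the LAN is not covered.
SAMPLE_SHOW_NAT = """\
nat (inside) 1 192.168.1.0 255.255.255.128 0 0
nat (dmz) 2 0 0
"""

# Assumed line layout: nat (if_name) nat_id local_ip netmask [further options]
NAT_LINE = re.compile(
    r"^nat \((?P<ifc>[^)]+)\) (?P<nat_id>\d+) (?P<ip>\S+) (?P<mask>\S+)"
)


def _expand(field):
    """A bare 0 is shorthand for 0.0.0.0 in the address and mask fields."""
    return "0.0.0.0" if field == "0" else field


def parse_nat(text):
    """Return a list of (interface, nat_id, network) for every nat line found."""
    rules = []
    for line in text.splitlines():
        m = NAT_LINE.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines and unrelated config
        net = ipaddress.ip_network(
            f"{_expand(m['ip'])}/{_expand(m['mask'])}", strict=False
        )
        rules.append((m["ifc"], int(m["nat_id"]), net))
    return rules


def matching_rules(host, rules, interface="inside"):
    """Return the nat rules on `interface` whose range contains `host`."""
    addr = ipaddress.ip_address(host)
    return [r for r in rules if r[0] == interface and addr in r[2]]


if __name__ == "__main__":
    rules = parse_nat(SAMPLE_SHOW_NAT)
    for host in ("192.168.1.50", "192.168.1.200"):  # constructed host addresses
        hits = matching_rules(host, rules)
        print(host, "covered by", hits if hits else "no nat rule on inside")
```

A host that matches no rule on its interface has no translation configured for it, which is one way only certain addresses can fail while others work.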
09-23-2002 01:11 AM
Do you have a 501?
If you go over the number of users allowed then the subsequent users will not go out. Reloading the pix will solve this until you reach the user limit again. There are timers
Just a thought. If not no worries.
cheers
Andy
gfullage said this in the "PIX 501-10 and PIX 501-50" question.
"sho local-host" and "clear local-host" are the commands you want to get familiar with. If a host has no connections associated with it then it shouldn't be included in the 10 hosts that your licence is limiting you to.