Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
976
Views
5
Helpful
7
Replies

Novice questions about PIX

durandj
Level 1
Level 1

‎09-20-2002 09:59 AM - edited ‎02-20-2020 10:15 PM

1) What command do I use to change the firewall's password?

2) What command do I use to clear ARP cache? We frequently experience problems with a rendom number of users not being able to get out to the Internet (they can see/ping the inside port of the firewall, but that's it). At the same time, other users are able to get out just fine. In the past, we've cycled the power on the PIX and the problem went away.

3) Does anyone know what might be cause problem 2?

0 Helpful
7 Replies 7

steve.barlow
Level 7
Level 7

‎09-20-2002 11:15 AM

1) passwd ...

enable password ...

2)clear arp

3)what version of the pix? What load is the pix under during this? Try show conn and sh xlate.

Steve

durandj
Level 1
Level 1
In response to steve.barlow

‎09-20-2002 01:11 PM

Hi Steve. Thanks for the reply.

Our firewall is a 515E version 6.1(4)

Show conn returns: 76 in use, 522 most used

Show xlate returns: 189 in use, 189 most used

0 Helpful

durandj
Level 1
Level 1
In response to steve.barlow

‎09-20-2002 01:34 PM

Additionally, it seems to be specific IP addresses that get blocked. On the effected computer, if we change the IP address, the computer can access the Internet.

If I change my computer's IP to the one in question, I can no longer get out to the Internet.

Hope this helps.

0 Helpful

steve.barlow
Level 7
Level 7
In response to durandj

‎09-20-2002 03:37 PM

What does your nat command look like? Does the IPs in question fall under that range?

Steve

0 Helpful

durandj
Level 1
Level 1
In response to steve.barlow

‎09-20-2002 03:46 PM

Sorry, what would the syntax? Please be patient with me as I'm an extreme newbie.

would it be "sh nat"?

0 Helpful

steve.barlow
Level 7
Level 7
In response to durandj

‎09-21-2002 04:11 PM

Yes it is show nat (also show config will show everything and you can pick your way through looking for what you want if you ever can't remember the command). Show nat should have a range of IPs (that is allowed to be NATed) or 0 0 (allows all IPs).

Is the IP that doesn't work in that range?

0 Helpful

agoodwin
Level 1
Level 1

‎09-23-2002 01:11 AM

Do you have a 501?

If you go over the number of users allowed then the subsequent users will not go out. Reloading the pix will solve this until you reach the user limit again. There are timers

Just a thought. If not no worries.

cheers

Andy

gfullage said this in the "PIX 501-10 and PIX 501-50" question.

"sho local-host" and "clear local-host" are the commands you want to get familiar with. If a host has no connections associated with it then it shouldn't be included in the 10 hosts that your licence is limiting you to.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card