Hardware: Sun Enterprise 250 Server Cisco Pix 501 Firewall
Hello everyone, I am brand new to what I am trying to do here, so I'd greatly appreciate any hints. I am trying to troubleshoot a problem where our website goes down almost every day. I believe the firewall is the problem because if I unplug it from the wall for a couple minutes, and plug it back in, everything will work again. We do not get a lot of traffic; I suppose hackers are possible... I'm trying to learn pix device manager 3.0, but I guess what would really help me is I could somehow see the error messages that are presumably saved somewhere right before the site goes down.
Any hints for a desperate novice? I'll post whatever info you need to help me...
Here is a possible hint: I have two Pix 501's because it was assumed that one of them may have gone bad. I'm not sure about that, but they do both do the same thing in that if I turn or bumb the power cable going into them, the VPN tunnel light will temporarily come on. This seems very suspecious to me. I have taken it apart and everything SEEMS ok...
You will probably want to turn on logging to a syslog server. This will basically send the log messages to the server which you can review at a later time. I'm not sure what version you are running on the pix 501, but i will send you the link for the 6.x config guide.
I've learned that 106023 can indicate port scanning. So, I've been plugging IP addresses into reverse-DNS lookup website and low-and-behold, some of the IP's are in China.
Between Aug 13 and today, there are 700 IPs that were logged in the PIX warning file under %PIX-4-106023. Of them, only 175 are unique. The vast majority of these are from China, the rest are from many other countries.
So, the IDS Policy section has two custom entries in it, one for information, and other other for attacks. Thing is, they are both only set to "alarm." So I will try changing them both to also include "drop" and "reset." Maybe this is the, if not part of my problem?
So, the power supply connector on the PIX board is definately a part of the problem. If you gently twist the plug in the connector, or otherwise bump it, the VPN tunnel light will go on, several lights will start flashing, and the connection will start going in and out.
I wonder if anyone has had this problem with their PIXs?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :