Cisco Support Community
Community Member

Stuck at Initial stage CISCO pix 515e

Hi

I have a new pix 515e for home practice.

1. I couldn't telnet to the switch after configuring. Should I use a cross cable or not to connect PC-PIX? (As new switches and routers run through straight cable.) More importantly, I couldn't even ping the inside IP, which is telnet and ssh enabled.

2. Receiving the following after executing each and every command in global mode.

******warning****

configuration Replication is NOT performed From standby Unit to Active Unit

configurations are no longer synchronized.

Hope you guys pull me out from these issues

Thanks & Regards

srikanth

9 REPLIES
Purple

Stuck at Initial stage CISCO pix 515e

Hi,

You must use a straight cable to connect, and by default the inside interface is e1 with a security level of 100, if I remember well. So are you connected to the correct interface?

Post your config, and for pinging the interface try the following command: icmp 0 0 inside

Concerning the message, this unit was part of an active/standby config and configured as standby, so this is a normal message. Erase the startup config and reload, then reconfigure the pix.

Alain.

Don't forget to rate helpful posts.
Community Member

Stuck at Initial stage CISCO pix 515e

Hi, thanks Alain for the info.

Can you please look into my config and guide me on where I am going wrong?

pixfirewall(config)# sh run

:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto shutdown

interface ethernet3 auto shutdown

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

nameif ethernet3 intf3 security6

nameif ethernet4 intf4 security8

nameif ethernet5 intf5 security10

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

domain-name wr

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

mtu intf2 1500

mtu intf3 1500

mtu intf4 1500

mtu intf5 1500

no ip address outside

ip address inside 10.10.22.1 255.255.255.0

no ip address intf2

no ip address intf3

no ip address intf4

no ip address intf5

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

no failover ip address intf2

no failover ip address intf3

no failover ip address intf4

no failover ip address intf5

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet 10.10.22.0 255.255.255.0 inside

telnet timeout 5

ssh 10.10.22.0 255.255.255.0 inside

ssh timeout 5

console timeout 0

dhcpd address 10.10.22.20-10.10.22.220 inside

dhcpd lease 3600

dhcpd ping_timeout 750

username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 2

terminal width 80

Cryptochecksum:481acea90984580c5ac7ef32e5e83afd

: end

Thanks & Regards

Srikanth

Purple

Stuck at Initial stage CISCO pix 515e

Hi,

So telnet access should be ok. For ssh you'll have to configure a key and for icmp it should work also.

Alain.

Don't forget to rate helpful posts.
Community Member

Stuck at Initial stage CISCO pix 515e

Telnet is not working, Alain.

Help me out with ssh.

The default enable and console password is just Enter (none).

Here is what I configured for ssh:

#hostname pix

#domain-name srikanthXX

#ca gen rsa key 1024

#ssh 10.10.22.22 255.255.255.255 inside

#ssh timeout 60

#passwd admin

#ca save all

Here, for the ssh client, I have given 1 host access: 10.10.22.22/32.

I have given my PC the IP 10.10.22.22/24. Through PuTTY, if I ssh to 10.10.22.22 at port 22, I'm getting the login screen as follows (if I get the login screen then I'm using the right cable here (straight cable, as you said), right?):

login as: admin
admin@10.10.22.50's password:
Access denied
admin@10.10.22.50's password:
Access denied
admin@10.10.22.50's password:

Here I tried with admin as login, password as login; couldn't get access to the pix.

Tried with blank login and password; didn't work.

If I ssh to the inside interface IP, i.e. 10.10.22.1, I couldn't get the login screen.

Can you please clearly explain what should be done to work this out? (Please help me out, as I have to implement this in my organization.)

Thanks & regards

srikanth

Purple

Stuck at Initial stage CISCO pix 515e

Hi,

You must use the username admin and the corresponding password you configured in the username command, and you must do this at the inside IP. Is the interface up/up? ---> sh interface e1

The commands you entered are ok and it should work.

Alain.

Don't forget to rate helpful posts.
Community Member

Re: Stuck at Initial stage CISCO pix 515e

Hi Alain,

Still not able to telnet or ssh. Most importantly, I couldn't ping.

I have attached a complete sh run, sh ssh, sh telnet, sh arp, sh int eth1.

Please have a look into it. Hope you give me a solution.

THanks & regards

srikanth

Community Member

Re: Stuck at Initial stage CISCO pix 515e

Hi all,

Can anyone please look into the attached file and tell me where the root cause is?

This is really weird, as I feel everything in my config is fine. Still couldn't ping, telnet, ssh ....

regards

srikanth

Purple

Stuck at Initial stage CISCO pix 515e

Hi,

You're pinging from the pix to 2 IPs and none respond, but you've got an ARP entry for one of these.

So the one with the ARP entry is maybe blocking ICMP echo-requests? Did you try disabling the software firewall on this machine?

For the other one, where is it supposed to be in the topology? It seems it won't even ARP reply.

For telnet/ssh I don't see any output from hosts supposed to be using these protocols not accessing the Pix firewall?

Alain.

Don't forget to rate helpful posts.
Community Member

Stuck at Initial stage CISCO pix 515e

Hi,

Try adding the following command for your SSH issue.

aaa authentication enable console LOCAL
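
As an added example (not part of any post in this thread, and not Cisco tooling), here is a small Python audit of the management-plane lines from the configuration posted above. It reports which client addresses the `telnet`/`ssh` permit lines admit and flags cleartext Telnet, the default SNMP community, and local users with no `aaa authentication ssh console` line. The function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: management lines from the config posted in the thread
# (password hash replaced with a placeholder).
SAMPLE_CONFIG = """\
nameif ethernet1 inside security100
no ip address outside
ip address inside 10.10.22.1 255.255.255.0
snmp-server community public
telnet 10.10.22.0 255.255.255.0 inside
telnet timeout 5
ssh 10.10.22.0 255.255.255.0 inside
username admin password <redacted> encrypted privilege 2
"""

def parse(config):
    """Collect interface addresses, telnet/ssh permit lists and audit flags."""
    st = {"addr": {}, "telnet": [], "ssh": [], "users": [], "aaa": set(), "snmp": None}
    for line in config.splitlines():
        w = line.split()
        if len(w) == 5 and w[:2] == ["ip", "address"]:
            st["addr"][w[2]] = ipaddress.ip_interface(f"{w[3]}/{w[4]}")
        elif len(w) == 4 and w[0] in ("telnet", "ssh"):
            net = ipaddress.ip_network(f"{w[1]}/{w[2]}", strict=False)
            st[w[0]].append((net, w[3]))          # (permitted source, interface)
        elif len(w) >= 4 and w[:2] == ["aaa", "authentication"] and w[3] == "console":
            st["aaa"].add(w[2])                   # serial / enable / telnet / ssh
        elif len(w) >= 3 and w[:2] == ["snmp-server", "community"]:
            st["snmp"] = w[2]
        elif len(w) >= 2 and w[0] == "username":
            st["users"].append(w[1])
    return st

def mgmt_allowed(st, proto, client_ip):
    """Interfaces on which client_ip is permitted to open a telnet/ssh session."""
    ip = ipaddress.ip_address(client_ip)
    return sorted({ifname for net, ifname in st[proto] if ip in net})

def findings(st):
    out = []
    if st["telnet"]:
        out.append("telnet permitted: cleartext management, prefer ssh only")
    if st["snmp"] == "public":
        out.append("snmp community is the well-known default 'public'")
    if st["users"] and "ssh" not in st["aaa"]:
        out.append("local users defined but no 'aaa authentication ssh console LOCAL'")
    return out

if __name__ == "__main__":
    s = parse(SAMPLE_CONFIG)
    print(s["addr"]["inside"].ip, mgmt_allowed(s, "ssh", "10.10.22.22"), findings(s))
```

The session must be opened to the interface address reported by `parse` (here the `inside` address), from a source that `mgmt_allowed` reports as permitted on that interface.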
