Community Member

501 possible hardware failure... want to make sure

I have a 501e that I'm really suspicious of. I have several locations with 501e's, and I had previously set this one up at a location and had connectivity issues, when I changed firewalls, I also changed configs so I was unsure if the firewall in question was really bad or not.

I just tried placing it in a different location, and am experiencing the following:

After configuring the outside ip address to match the ip supplied by the cable modem, setting the route, I would check sho int and it would say int e0 is up, line protocol is up.

Then I would do a ping from within the CLI to outside IP addresses I know are consistently up, and get a general response like the following for all IP's tried.

x.x.x.x response received -- 60ms

x.x.x.x NO response received -- 1000ms

x.x.x.x NO response received -- 1000ms

Occasionally I would get something like

x.x.x.x response received -- 60ms

x.x.x.x NO response received -- 1000ms

x.x.x.x response received -- 100ms

I could never see through the firewall from the desktops, but I had a friend with a linux box say he could get about 50% ping to the firewall's outside IP. I am currently off site and cannot ping the firewall's outside IP from my desktop though with a win2k box.

Another interesting fact to note is that I tried to swap between a straight-through cable and a crossover cable and got the same response. I was under the impression that the 501 would not do any sort of auto-switching.

If it doesnt, then how was I able to get the same sort of ping outs on both cables?

The only other issue I can think of is possibly with connecting to the cable modem. When I connect a desktop to the modem directly, it picks up the IP by dhcp. With other cable modems in the past I've been able to assign the designated IP directly to a router and not have an issue. The cable company says the IP shouldnt change for 6 months... so is there any way that it could be having a problem using that dynamic IP and treating it like a static? (other than the fact that when it does eventually change, i'll have to be on site to fix it)

Thank you for your time,


Community Member

Re: 501 possible hardware failure... want to make sure

Most cable connections use a type of PPPoE, that is the host should send a

hostname. The PIX does not do that at this time.

So the work around would be that hard code the outside address and set a static route.

Set the inside PC to point at the pix and set the DNS servers there.

Community Member

Re: 501 possible hardware failure... want to make sure


First, DSL uses PPPoE, Cable generally does not.

Second, PIX 6.2.2 does support PPPoE, I know because I use it on 2 of my 4 PIX firewalls to authenticate to DSL lines. It's done with VPDN.

Third, As I stated, I was hard coding the static route and outside address.

I think I have this problem resolved on my own though, as I suspected it was a hardware issue. Cisco has RMA'd my 501e and I have the new one working in a test environment.

