Cisco PIX 501 PROBLEM

sgozio
Level 1

Hi all,

I have one Cisco PIX 501 connected by its outside interface to a Telecom router. This router shows its state on a web page. Every 5 minutes the router automatically updates its tables and publishes the IP address of each connected host on its web page.

I think the router captures the IP addresses of any connected host by sending gratuitous ARP. When this happens, my PIX 501 outside interface becomes non-operational, although its state is UP - UP.

It seems not to work toward the router's IP only.

In this situation the Internet is unreachable.

Can anyone help me???

Tks all.

Here is my Pix configuration:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxx
hostname xxx
domain-name intranet.kkk.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside permit icmp any any echo-reply
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 10.0.0.253 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside in interface outside
route outside 0.0.0.0 0.0.x.x.x.0.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80


Hello

It seems like you are having a connectivity issue.

If you are suspicious about your provider link then you will have to capture all the information and events you can.

1.- Start by testing your inside network: enable ICMP on the inside interface of the PIX

conf term

icmp permit any inside

then, from a host on your inside network, ping the PIX inside IP

ping -t 192.168.1.254

2.- Test and check the connectivity to your router from an inside workstation by pinging 10.0.0.254, your default gateway's IP address, continuously with a

ping -t 10.0.0.254

then see how it goes: packet loss, variable response time.

3.- You can also enable your PIX log: telnet to your PIX, go into configuration mode and type:

conf term

telnet timeout 60

ssh timeout 60

logg mon 7

! this command will log all events to your terminal telnet or ssh session

term mon

!

logg buff 7

! this command will log all events to the buffer

logg on

! will start logging

Try to capture the log events at the moment you lose connectivity to correlate any possible event.

Hope this helps ... !

Regards

Hello, thanks for the answer!

1) The problem is between the router and the PIX; it happens also when the inside interface is down.

2) I test the connection between the router and the PIX by ping (I'm connected to the PIX through its serial interface from my PPC). On my PPC I also have Internet Explorer open on the router web page; when I refresh this page the router updates the connected host IP address list, and at this moment it is systematic: the connection is lost.

3) I also enabled the PIX log, but the last log information is the ping to the router.

Thanks for your time.

Let me ask you a couple of questions

What type of router is it? Is it a DSL router?

Are you the administrator of the router?

How is DHCP configured on the router? Enabled? Disabled? (It should be disabled on the interface connected to your PIX.)

Have you checked speed and duplex? (Try fixing it to 10 full on the router and on the outside interface of the PIX.)

In any case it seems like this is a connectivity issue, not a malfunctioning PIX or a configuration-related problem.

Hi Federico, thanks for the answer.

The router is a DSL router. I'm the administrator of the router, but it is an Italian Telecom "black box".

On the router I can configure basic parameters through the web interface only.

DHCP is disabled.

I already fixed the speed of the PIX to 10full; on the router it is impossible to fix (it is autosensing).

Telecom has already changed the router and I have already changed the PIX, but the problem is the same.

Perhaps the issue is the router's IP discovery mechanism. In fact, when I refresh the router web page where the router lists the inside IP connections, the connection is lost.

Any other idea???

It seems the problem is possibly related to the router's ARP sending; in fact, by frame capture I find this information inside the router's ARP frame:

Sender IP Address: 0.0.0.0 (0.0.0.0)

Note: the PIX doesn't show anything in the log.
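The frame the poster captured, with "Sender IP Address: 0.0.0.0", is the shape of an ARP probe (RFC 5227 address-conflict detection), which is not the same thing as a gratuitous ARP (sender IP equal to target IP). Whether the PIX mishandles one or the other is not established in the thread, but the first thing a practitioner would do with the capture is separate those two cases from ordinary requests and replies. The following is an added example, not code from the thread or from Cisco: a small pure-Python parser over raw Ethernet/ARP frames that classifies each one. The frames are constructed inline (not a real capture), the MAC addresses are made up, and 10.0.0.254 / 10.0.0.253 are the router and PIX outside addresses from the posted configuration.

```python
"""Classify ARP frames from the PIX outside segment: probe vs gratuitous vs ordinary.

Added example, not from the original thread. The sample frames below are
constructed, the MAC addresses are invented; only the IP addresses come from
the posted configuration.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass
class ArpInfo:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str
    kind: str  # "probe", "gratuitous", "request" or "reply"


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def classify_arp(frame: bytes) -> Optional[ArpInfo]:
    """Parse an Ethernet II frame; return ArpInfo for IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 14 + 28:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    arp = frame[14:42]
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only IPv4 over Ethernet is handled here
    sha, spa, tha, tpa = arp[8:14], arp[14:18], arp[18:24], arp[24:28]
    sender_ip, target_ip = _ip(spa), _ip(tpa)
    if op == ARP_REQUEST and sender_ip == "0.0.0.0":
        kind = "probe"        # RFC 5227 ARP probe: receivers must not update their cache from it
    elif sender_ip == target_ip:
        kind = "gratuitous"   # sender announces its own address; neighbours may update their cache
    elif op == ARP_REQUEST:
        kind = "request"
    else:
        kind = "reply"
    return ArpInfo(op, _mac(sha), sender_ip, _mac(tha), target_ip, kind)


def build_arp(src_mac, dst_mac, op, sha, spa, tha, tpa) -> bytes:
    """Build an Ethernet II + ARP frame from dotted/colon strings (used only to construct samples)."""
    def mac(s): return bytes(int(x, 16) for x in s.split(":"))
    def ip(s): return bytes(int(x) for x in s.split("."))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)
    return eth + arp


ROUTER_MAC = "00:11:22:33:44:01"  # invented
PIX_MAC = "00:11:22:33:44:02"     # invented
BCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

# Constructed sample capture: the kinds of frames one could see during the router's host sweep.
SAMPLE_FRAMES = [
    # ordinary request from the router for the PIX outside address
    build_arp(ROUTER_MAC, BCAST, ARP_REQUEST, ROUTER_MAC, "10.0.0.254", ZERO_MAC, "10.0.0.253"),
    # the PIX's reply
    build_arp(PIX_MAC, ROUTER_MAC, ARP_REPLY, PIX_MAC, "10.0.0.253", ROUTER_MAC, "10.0.0.254"),
    # ARP probe with sender IP 0.0.0.0, the shape the poster reports in the capture
    build_arp(ROUTER_MAC, BCAST, ARP_REQUEST, ROUTER_MAC, "0.0.0.0", ZERO_MAC, "10.0.0.253"),
    # gratuitous ARP: the router announcing its own address
    build_arp(ROUTER_MAC, BCAST, ARP_REQUEST, ROUTER_MAC, "10.0.0.254", ZERO_MAC, "10.0.0.254"),
]


def suspicious_frames(frames) -> List[ArpInfo]:
    """The frames to correlate with the loss of connectivity first: probes and gratuitous ARPs."""
    out = []
    for f in frames:
        info = classify_arp(f)
        if info is not None and info.kind in ("probe", "gratuitous"):
            out.append(info)
    return out


if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        i = classify_arp(f)
        print(f"{i.kind:10} op={i.op} {i.sender_mac}/{i.sender_ip} -> {i.target_mac}/{i.target_ip}")
```

On a real capture, feed `classify_arp` the raw frames and check whether the probes or the gratuitous ARPs carry the router's MAC and which IP they target: a probe for 10.0.0.253 should be ignored by the PIX, while a gratuitous ARP for 10.0.0.254 from a different MAC than the one in the PIX's ARP cache would explain why reachability to the router's IP is what breaks.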
