08-10-2006 03:12 AM - edited 02-21-2020 01:06 AM
Does anyone have any links or suggested reading for PIX troubleshooting techniques, methods, whatever?
I'm thinking of the scenarios where X phones up and says I can't Y anymore, it must be the firewall.
This would be for the CLI as a by the by, but pointers to the PDM side as well would be gratefully taken.
Many thanks
08-10-2006 07:46 AM
What about these links to begin with:
For troubleshooting
http://www.cisco.com/warp/customer/110/pixperformance.html
For PDM
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pdm/index.htm
HTH
Mike
08-11-2006 04:25 AM
Thanks Mike, they are a good start.
Any more for anymore?
08-11-2006 04:48 AM
Depends... I'm not sure I caught it about phones in your previous message.
I'll take a chance pointing you to this URL regarding pix configuration examples:
08-11-2006 08:11 AM
Sorry, I was trying to be non-specific about it so that I'd get as wide a range of answers as possible.
My background is comms networking and we've recently been lumped with 2nd line support for our firewalls. Now cyberguards, checkpoints, etc I'm fine with but the PIX is just a little greyer than most things. Configuring one in the first place I'm just ok with, but in reality troubleshooting connections, etc is what I guess I'm after.
My example was meant to point at that ....
08-11-2006 09:32 AM
The "show ?" command would be an initial point, where you'll get allowed commands.
PDM will also give statistics (up to 5 days ago) on the pix resource. Also note pixes can be configured via PDM.
08-11-2006 04:07 PM
Thanks for the thought but the 'show ?' command is one I know about. The problem with that is if you don't know what the command does, you have to go and look it up and the cisco answer is not necessarily the easiest to follow.
I was more after, I guess, an abc of where to start, what to look at first, how to find what I'm looking for, etc ....
As a direct example - today we had a call requesting us to prove that a NAT translation for a printer is working. There are 80 of these NATs and only one was questionable.
The rules were in place to allow the relevant port to be open and the NAT was in place ... but what next? I know what I did, but I'm positive there must be a better method or way of approaching it.
Perhaps I'm phrasing my request wrong, but I'd really like a "How to troubleshoot pixes 101" and preferably from the CLI but I'll take the pdm info as well.
08-14-2006 12:26 PM
Unfortunately (and to my knowledge) there's no manual 101 for troubleshooting all possible issues with the pix. But maybe this link will help:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_tech_notes_list.html
Sorry to say pix is not one of those devices you just plug in and that configures all by itself.
Also to help you diagnose a problem, setting up a syslog server may be very helpful.
One possible answer for you to prove NAT is working fine might be:
show local-host host_ip detail
or
show xlate local host_ip
Good-bye now,
Mike
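For the "80 NATs, one questionable" case described earlier in the thread, the `show xlate` output can be checked against the list of intended mappings in one pass. This is an added example, not part of any poster's reply; the sample output is constructed in the PIX 6.x `Global ... Local ...` style, and the addresses, `EXPECTED` table and function names are assumptions.

```python
import re

# Constructed sample of PIX 6.x-style `show xlate` output (not from the thread).
SAMPLE_XLATE = """\
3 in use, 5 most used
Global 192.0.2.21 Local 10.1.1.21
Global 192.0.2.22 Local 10.1.1.22
PAT Global 192.0.2.1(1024) Local 10.1.1.50(1025)
"""

# Constructed list of intended one-to-one NATs: local address -> global address.
EXPECTED = {
    "10.1.1.21": "192.0.2.21",
    "10.1.1.22": "192.0.2.22",
    "10.1.1.23": "192.0.2.23",
}

_XLATE = re.compile(
    r"^(?P<pat>PAT\s+)?Global\s+(?P<g>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?"
    r"\s+Local\s+(?P<l>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?"
)

def parse_xlate(text):
    """Return {local_ip: (global_ip, is_pat)} for every translation line."""
    table = {}
    for line in text.splitlines():
        m = _XLATE.match(line.strip())
        if m:
            is_pat = bool(m.group("pat"))
            # Keep a one-to-one entry in preference to a PAT entry for the same host.
            if m.group("l") not in table or not is_pat:
                table[m.group("l")] = (m.group("g"), is_pat)
    return table

def audit(expected, xlate_text):
    """Classify each intended mapping as ok, missing, or mismatch."""
    active = parse_xlate(xlate_text)
    report = {}
    for local, want in expected.items():
        if local not in active:
            report[local] = "missing"      # no translation slot in the capture
        elif active[local] == (want, False):
            report[local] = "ok"           # one-to-one slot with the intended global
        else:
            report[local] = "mismatch"     # wrong global, or only a PAT slot
    return report

if __name__ == "__main__":
    for host, status in sorted(audit(EXPECTED, SAMPLE_XLATE).items()):
        print(f"{host:15} -> {EXPECTED[host]:15} {status}")
```

A `missing` result only says no translation slot for that host was in the captured output; the static and access-list configuration for that host is the next thing to compare.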
08-15-2006 07:52 AM
Mike,
Thanks for the responses and I do realise what I'm asking but I felt certain I'm not the only one who has ever asked this question before.
The link you've provided is an excellent start but not one I'd found with my own search efforts so I appreciate that.
S.