
PIX 101 Troubleshooting

dyckhscr
Level 1

Does anyone have any links or suggested reading for PIX troubleshooting techniques, methods, whatever?

I'm thinking of the scenarios where X phones up and says I can't Y anymore, it must be the firewall.

This would be for the CLI as a by the by, but pointers to the PDM side as well would be gratefully taken.

Many thanks

8 Replies

mpalardy
Level 3

Thanks Mike, they are a good start.

Any more for anymore?

Depends... I'm not sure I caught it about phones in your previous message.

I'll take a chance pointing you to this URL regarding pix configuration examples:

http://cisco.com/en/US/customer/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html#anchor16

Sorry, I was trying to be non-specific about it so that I'd get as wide a range of answers as possible.

My background is comms networking and we've recently been lumped with 2nd line support for our firewalls. Now cyberguards, checkpoints, etc. I'm fine with, but the PIX is just a little greyer than most things. Configuring one in the first place I'm just OK with, but in reality troubleshooting connections, etc. is what I guess I'm after.

My example was meant to point at that ....

The "show ?" command would be an initial point, where you'll get allowed commands.

PDM will also give statistics (up to 5 days ago) on the PIX resources. Also note PIXes can be configured via PDM.

Thanks for the thought but the 'show ?' command is one I know about. The problem with that is if you don't know what the command does, you have to go and look it up and the cisco answer is not necessarily the easiest to follow.

I was more after, I guess, an abc of where to start, what to look at first, how to find what I'm looking for, etc ....

As a direct example - today we had a call requesting us to prove that a NAT translation for a printer is working. There are 80 of these NATs and only one was questionable.

The rules were in place to allow the relevant port to be open and the NAT was in place ... but what next? I know what I did, but I'm positive there must be a better method or way of approaching it.

Perhaps I'm phrasing my request wrong, but I'd really like a "How to troubleshoot pixes 101" and preferably from the CLI but I'll take the pdm info as well.

Unfortunately (and to my knowledge) there's no manual 101 for troubleshooting all possible issues with the PIX. But maybe this link will help:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_tech_notes_list.html

Sorry to say the PIX is not one of those devices you just plug in and that configures itself.

Also, to help you diagnose a problem, setting up a syslog server may be very helpful.

One possible answer for you to prove NAT is working fine might be:

show local host_ip detail

or

show xlate local host_ip

Good-bye now,

Mike

Mike,

Thanks for the responses and I do realise what I'm asking but I felt certain I'm not the only one who has ever asked this question before.

The link you've provided is an excellent start but not one I'd found with my own search efforts so I appreciate that.

S.
