Pix 505E Hang up after certain period of time??

faikarson
Level 1

Hi brothers,

I've got a PIX 505E running in the company. After 4 months, it suddenly hangs up every few days. During this period, all connections wouldn't be lost, but clients could not establish any new connection to the internet. For example, when I was downloading something, it wouldn't lose the connection, but I couldn't even browse/ping any site/host. What I did was connect to the PIX manager to see what happened. But the time taken to connect to it was apparently slower than normal (around 30 sec). Finally I have to switch it off and on to reboot the firewall, and everything returns to normal. This happens once a week. Would anybody help? Does it relate to the PIX? Or is there anything else I've overlooked? :(

Regards,

newbie IT engineer

5 Replies

a.kiprawih
Level 7

Hi,

It could be due to many reasons, like trojans/viruses that occupied outbound translation/connection sessions and so on.

The best is to check the log status. Make sure your firewall log is enabled, at least for the internal log:

firewall(config)#logging on

firewall(config)#logging buffer info

Monitor the firewall activities, like using the "sh log" command and the "sh conn" command. Look for a pattern, such as a single IP opening too many connections to multiple outside ports, or from multiple IPs.

For example, a slammer attack will slow down your firewall and make new connections almost impossible (but PIX has the floodguard feature to mitigate). The firewall will not drop or disconnect your session but will hold it while handling/releasing the attack.

Hard to tell without log/connection info, but it can be anything.

Rgds,

AK
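
The pattern check suggested in this reply (one inside IP opening many connections to outside hosts), as an added example that is not part of the original thread. It assumes a saved `sh conn` capture with PIX 6.x-style lines of the form `TCP out <foreign>:<port> in <local>:<port> idle ...`; the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed PIX 6.x "show conn" line layout (not shown on the page):
#   TCP out <foreign_ip>:<port> in <local_ip>:<port> idle h:mm:ss Bytes N flags F
CONN_RE = re.compile(
    r"^(TCP|UDP)\s+out\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+"
    r"in\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b"
)

def summarize(show_conn_text):
    """Return {inside_ip: {"conns": n, "hosts": set, "ports": set}}."""
    stats = defaultdict(lambda: {"conns": 0, "hosts": set(), "ports": set()})
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # skip headers such as "203 in use, 203 most used"
        proto, out_ip, out_port, in_ip, _ = m.groups()
        s = stats[in_ip]
        s["conns"] += 1
        s["hosts"].add(out_ip)
        s["ports"].add((proto, int(out_port)))
    return dict(stats)

def suspects(stats, max_conns=100, max_hosts=50):
    """Inside hosts whose connection or destination count exceeds a threshold."""
    flagged = [
        (ip, s["conns"], len(s["hosts"]), len(s["ports"]))
        for ip, s in stats.items()
        if s["conns"] > max_conns or len(s["hosts"]) > max_hosts
    ]
    return sorted(flagged, key=lambda row: row[1], reverse=True)

def build_sample():
    """Constructed capture: one normal client, one host spraying UDP/1434."""
    lines = ["203 in use, 203 most used",
             "TCP out 198.51.100.10:80 in 10.0.0.21:1045 idle 0:00:05 Bytes 1774 flags UIO",
             "TCP out 198.51.100.10:443 in 10.0.0.21:1046 idle 0:00:09 Bytes 912 flags UIO",
             "TCP out 198.51.100.25:25 in 10.0.0.21:1047 idle 0:01:12 Bytes 330 flags UIO"]
    for i in range(200):
        lines.append(f"UDP out 203.0.113.{i + 1}:1434 in 10.0.0.77:{2000 + i} idle 0:00:01 flags -")
    return "\n".join(lines)

if __name__ == "__main__":
    for ip, conns, hosts, ports in suspects(summarize(build_sample())):
        print(f"{ip}: {conns} conns, {hosts} distinct hosts, {ports} distinct ports")
```

A host with many connections spread over many destination hosts but only one destination port is the scanning shape to look at first; a busy proxy or mail server will also exceed the thresholds, so tune them to the site's baseline.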

Thanks very much for the reply.

I've enabled logging since this problem occurred. But as mentioned in my last post, I have to do a hard reboot to make the connections return to normal. After I've done so, the logs inside the PIX disappear :(

Moreover, it seems that the log can only store very limited history, as when I typed "sh conn" or "sh log" it only showed about 50 to 60 lines.

I know it's very hard to investigate the problem without logs, but how could I save these things even after the PIX has been rebooted manually?

Once again, thanks much brother :)

sean
Level 3

Have you done a

sh xlate count

to see how many connections are being used? That would be a good indicator if you are experiencing virus/worm activity. Hope this helps.

jeffrey.price
Level 1

Our Pix 520 is also having similar issues with hanging up at random times. We now send the log to a logging server so we can further find the offending IP or issue. The PIX would show approx. 13000 connections that would jump to over 620000 within minutes, then lock up. The only way to restore service is a reload. Did you narrow down your issue since then?

Thanks

From my first post to now, things have been going smoothly, since I contacted Cisco support and we finally found what was going on. I hope my experience can help you.

I had used an IP on the outside interface of (e.g.) 192.0.0.158, while all workstations in LAN 10.0.0.0 would have PAT to 192.0.0.157 as the outgoing address. What I've done is change the PAT address to use the same one as on the outside interface (i.e. 192.0.0.158). And it works for me so far. So if you've got the same settings as me, perhaps it's worth a try.

I was also thinking of a virus attack or whatsoever since I got this problem, but I couldn't stop the headache even though I put much more effort into working this way, and Cisco support helped me finally :D
