Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 520 dropping packets to two remote networks

Our PIX 520 running 5.1(2) -- it is scheduled for upgrade in two weeks -- has "suddenly" begun dropping all packets to two remote networks. There are no ACL entries preventing access to these two networks and there are no indications in the syslog (set to 'debugging' level) that these packets are even being dropped. Has anyone ever seen this type of behavior before? Any suggestions are appreciated. Thanks.

Jon Dudding

2 REPLIES
Cisco Employee

Re: PIX 520 dropping packets to two remote networks

What do you mean "dropping all packets to two remote networks"? Do you mean packets from the outside interface, going to these two networks on the inside aren't getting through?

Are you sure there isn't an ACL or something similar on another device in between these two networks and the PIX? Can you ping anything on these networks from the PIX itself? Does the PIX have valid route statements pointing to a valid next hop in it's configuration? Do the two remote networks have routes back to wherever you're trying to connect from?

If nothing appears in the syslog then there's a good chance the packets aren't even reaching the PIX, or they're passing through the PIX as you would expect.

New Member

Re: PIX 520 dropping packets to two remote networks

The packets are in fact passing through the PIX and it turns out that that is not the source of the problem. We have a VPN device that is fouling up packets destined for certain networks outside of our own. My sniffer was mirroring a port that passes packets after they pass through the VPN. When I changed the mirrored port to one that passes packets to the VPN, I began to see packets as I right where they should be. So, the PIX is doing it's job. Thanks for the response.

Jon Dudding

178
Views
0
Helpful
2
Replies