Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX deny access to Internet on some Servers and Workstations

Hi all,

My PIX was working fine a few months back. Suddenly it's been doing some crazy things recently. I have some servers and workstations that can't access the Internet all of a sudden. The workstations resides on the Lan interface and the servers on the DMZ interface. The things that makes this hard to troubleshoot is that some workstations can connect to the Internet while some can't. So goes for the servers. In my mind, I'm thinking maybe it's a connection limitations issue on the Interface of both the LAN and DMZ NIC. Anyway, once I reload the PIX, everything is fine. Everyone can connect. But after 2-3 days, it starts to clog up and deny access to some workstations (LAN) and servers (DMZ).

Can someone help me out? Thanks

Tom

2 REPLIES
New Member

Re: PIX deny access to Internet on some Servers and Workstations

Use the 'sh conn count' and 'sh xlate count' commands to see how many connections and translations are in use on your PIX. Also, enable logging and set it to level 6 - informational. Maybe you can get a better idea of what's going on by taking a peek at the logs. One mo' thing.. Are you using PAT, or do you have a NAT pool configured?

New Member

Re: PIX deny access to Internet on some Servers and Workstations

I'm using NAT for the Servers on the DMZ. I did testing on one of the DMZ server. That server is a webserver that host a few websites. Somehow I can access those websites while the server can't see the Internet. Is that normal?

Thomas

186
Views
0
Helpful
2
Replies