Strange issue

m.hossein · ‎11-15-2001

Hi all,

I have PIX506 and I configured it to protect me internal LAN, but this PIX acts in strange way.

I gave it internal IP address: 192.168.111.1 with subnetmask 255.255.255.128. in sometimes some PCs could not work through the PIX till I changed it's IP address to an other one in the same range.

example: today one of our internal PCs has this IP address: 192.168.111.5, and it works fine till yesterday. Today the user told me that this machine can ping the internal interface of PIX and could not ping my gateway "router" and it cannot access the internet. As usually I changed it's IP address to 192.168.111.100 and it works fine....

sometimes, clear arp "on PIX and router" and clear xlate made it works but as I said sometimes

Can any one help me to resolve this problem...

thanx in advance...

Magdy

mike · ‎11-15-2001

Weird. You possibly have a duplicate IP address 192.168.111.1 configured on another box.

Unplug the PIX internet interface and ping 192.168.111.1. if you get a reply then you know there's a dup IP. There may also be clients with dup IP addresses... just a thought. Don't forget about switches being the possible source of the dup IP. I'm sure there are other possibilities for this behavior, but this seems fairly likely... good luck!

mike kantowski

ccnp

0r-lau · ‎11-18-2001

Once I had a strange problem with my PIX 506 too.

In the end I found out that I ran out of IP addresses for translation.

Make sure you xlate timeout is not the default of 3:00:00. Change that to something in minutes instead.

I hope this helps.

Ron