01-11-2006 01:36 PM - edited 02-21-2020 12:38 AM
This afternoon my PIX appears to have stopped accepting connections from VPN client software. All of my PIX-to-PIX tunnels are still up, but I can't get any clients to connect. I have a case open with Cisco but am awaiting a response from the engineer. Has anyone seen this before? No configuration changes had taken place prior to the incident. The connections just stopped. I can't seem to get a capture of just the crypto debugs. As soon as I turn on debugs I have to enable logging to console, and there is so much information it is next to impossible to capture the data I need to troubleshoot this. If anyone has any recommendations please let me know. I do not want to reboot the PIX, as this will disrupt other things that are still working and I also will not be able to determine what actually is causing the issue.
01-12-2006 02:35 AM
Just wondering how many users are affected. Is it possible that the issue is related to the remote user's PC?
01-13-2006 06:26 AM
It was service affecting across the board. I ended up getting frustrated and just clearing the xlate. This fixed the issue. The only thing that I can figure is possibly translations were not getting removed from the table after a termination of the connection and filled up all the sockets used for UDP connections - or something like that - not really sure. But after clearing the xlate table all connections began functioning correctly again.
Thanks
David
MY ISSUE IS RESOLVED!
01-14-2006 06:18 AM
It's good to learn that your issue has been resolved.
Just wondering if the PIX is a 501. If so, then the issue may be related to the number of inside users.
E.g. do "sh ver":
pix# sh ver
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)
Compiled on Fri 02-Jul-04 00:07 by morlee
pix up 229 days 14 hours
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 0012.80cb.d613, irq 9
1: ethernet1: address is 0012.80cb.d614, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10
01-14-2006 05:03 PM
Nope, that is not the problem. Thank you though. I have resolved the issue. There were some issues in the translations table.