Pix 501 dropping devices from network

cwcadmin1 — Tue, 12 Mar 2019 00:25:04 GMT

Hi All.

I'm having a quirky problem with a PIX 501 and was wondering if anyone had any ideas.

Recently I've pulled a PIX 501 out of a closet (having never been used) and configured it for a VPN with my PIX 506e at an offsite location. This offsite location has a PC, Printer, Access Point, and remote VOIP phone. The VPN itself works great, but periodically the PIX just drops some network devices, specifically the Access Point and the Firewall. Both devices stay off until I reboot it (through an SSH connection) they then spring back to life.

Before I go buy another firewall only to have the same thing happen I was wondering if it could be a config issue. Or is this most likely a hardware problem?

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password W.42MAXXZHhUnW7N encrypted

passwd tVCAzWYvj2lO5MWD encrypted

hostname Firewall1

domain-name domain.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list nonat permit ip 192.168.111.0 255.255.255.0 192.168.112.0 255.255.255.0

access-list nonat permit ip 192.168.111.0 255.255.255.0 192.168.114.0 255.255.255.0

access-list RemoteVPN permit ip 192.168.111.0 255.255.255.0 192.168.100.0 255.255.255.0

pager lines 24

logging on

logging console debugging

logging buffered debugging

logging trap debugging

logging host inside 192.168.112.95

mtu outside 1500

mtu inside 1500

ip address outside 111.111.111.111 255.255.255.248

ip address inside 192.168.111.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 111.111.111.111 255

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

http server enable

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP_3DES esp-3des esp-md5-hmac

crypto map newmap 10 ipsec-isakmp

crypto map newmap 10 match address RemoteVPN

crypto map newmap 10 set peer 113.111.111.11

crypto map newmap 10 set transform-set ESP_3DES

crypto map newmap interface outside

isakmp enable outside

isakmp key ******** address 113.111.111.11 netmask 255.255.255.248

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 20

management-access inside

console timeout 0

dhcpd address 192.168.111.10-192.168.111.40 inside

dhcpd dns 192.168.112.5 8.8.8.8

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd enable inside

username cwcchicago password NcrNMAXXMuaQjZ.I encrypted privilege 15

username CWCChicago password WZyMAXXX9wrptdcx encrypted privilege 2

terminal width 80

Pix 501 dropping devices from network

lcambron — Tue, 20 Nov 2012 03:49:29 GMT

Hello Jim,

Have you tried other troubleshooting? like; 'clear arp', try to ping the AP, take captures, see logs, etc.

The PIX firewall is getting to end of support, but further troubleshooting needs to be performed at the moment you have the issue to confirm if this is harware of software.

Regards,

Felipe.

Pix 501 dropping devices from network

cwcadmin1 — Tue, 20 Nov 2012 15:39:39 GMT

Hi Felipe,

Thanks for responding.

I've tried the following things to no avail:

Clearing ARP - ARP doesn't have a listing for the disconnected devices once their dropped.
Set up a Syslog server on debug mode and looked for some sort of indication as to why these were dropping.
Looked at licensing issue with show local-host but it did not report any denied traffic

When the devices drop neither VPN traffic nor local LAN traffic can ping them.

I don't have a good means of capturing traffic, nothing I have in this location has a monitor port.

The timing on the dropping of theses devices is inconsistent as well. It can be anywhere from 30 minutes to 3 days. Lately it seems less than 24 hours passes by before they're dropped.

Thanks,

- Jim

topic Pix 501 dropping devices from network in Network Security

Pix 501 dropping devices from network

Pix 501 dropping devices from network

Pix 501 dropping devices from network