https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440019#M528613 <HTML><HEAD></HEAD><BODY><P>This should be easy to get going, are you able to paste your whole admin and system config for me to see and debug.... thanks</P></BODY></HTML> Fri, 13 Jan 2006 19:58:02 GMT itchampnz 2006-01-13T19:58:02Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440017#M528605 <P>Hi everybody,</P><P></P><P>Last week, I started a placement (Internship) in France and I'm working on the PIX 7.0(4) appliance software.</P><P></P><P>I understood almost all features and managed to make everything word pretty well, but I can't manage to make contexts work properly with subinterfaces.</P><P></P><P>Actually, I did exactly what's indicated in the first sample of this page : <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008045247c.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008045247c.html</A></P><P></P><P>But, even if I only use one subinterface and only one context, I'm unable to communicate between the PIX and a directly connected computer. IP adresses are all right on both sides, nameif are set, so is "icmp permit any inside".</P><P></P><P>But if I try to send a ping request from/to the PIX, I never manage to get an answer. It seems like the PIX subinterface do not receive anything at all. If I create a capture on this interface, I see outgoing icmp packets but no reply coming back. On the other hand, when capturing packets on the PC, I see the arp request from the PIX (Who has 192.168.1.1 ask 192.168.1.254), the PC sends a reply with its Mac-adress and the PIX never receives it.</P><P></P><P>Here is what my configuration looks like :</P><P>PIX : </P><P>- Interface Eth 1</P><P>-- Interface Eth 1.4</P><P>-- Vlan 4</P><P>-- Ip adresse 192.168.1.254 255.255.255.0</P><P>-- No shutdown</P><P></P><P>context admin</P><P>- allocate-interface eth 1.4</P><P></P><P>I did not try to create other contexts because I'd like this one to work first...</P><P></P><P>Thanks for your help,</P><P></P><P></P> Fri, 21 Feb 2020 08:38:31 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440017#M528605 gaetan.allart 2020-02-21T08:38:31Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440018#M528609 <HTML><HEAD></HEAD><BODY><P>Here is the capture from the PIX when sending a ping request from it to 192.168.1.1 directly connected on ETH1 interface :</P><P></P><P> 1: 10:51:25.704782 802.1Q vlan#4 P0 arp who-has 192.168.1.1 tell 192.168.1.254</P><P> 2: 10:51:26.793660 802.1Q vlan#4 P0 arp who-has 192.168.1.1 tell 192.168.1.254</P><P> 3: 10:51:27.794423 802.1Q vlan#4 P0 arp who-has 192.168.1.1 tell 192.168.1.254</P><P> 4: 10:51:31.794560 802.1Q vlan#4 P0 arp who-has 192.168.1.1 tell 192.168.1.254</P><P> 5: 10:51:36.793812 802.1Q vlan#4 P0 arp who-has 192.168.1.1 tell 192.168.1.254</P><P> 6: 10:51:41.794651 802.1Q vlan#4 P0 arp who-has 192.168.1.1 tell 192.168.1.254</P><P></P><P>What's funny is that I receive this ARP requests on the PC but the PIX does not pay attention to my replies...</P></BODY></HTML> Fri, 13 Jan 2006 13:46:19 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440018#M528609 gaetan.allart 2006-01-13T13:46:19Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440019#M528613 <HTML><HEAD></HEAD><BODY><P>This should be easy to get going, are you able to paste your whole admin and system config for me to see and debug.... thanks</P></BODY></HTML> Fri, 13 Jan 2006 19:58:02 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440019#M528613 itchampnz 2006-01-13T19:58:02Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440020#M528616 <HTML><HEAD></HEAD><BODY><P>Sure, I'll post all this stuff on monday, going back to work <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Thanks for helping <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P></BODY></HTML> Fri, 13 Jan 2006 20:58:10 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440020#M528616 gaetan.allart 2006-01-13T20:58:10Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440021#M528619 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please find enclosed my configuration files for system context and ctx1 context.</P><P></P><P>Kind regards,</P><P></P><P> </P><P></P></BODY></HTML> Mon, 16 Jan 2006 10:06:58 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440021#M528619 gaetan.allart 2006-01-16T10:06:58Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440022#M528621 <HTML><HEAD></HEAD><BODY><P>Dude, in your messages above you talk about the 192.168.1.x/24 network, i.e. that is what you are trying to ping.</P><P></P><P>However in your configs you have attached, your interface is ip address 192.168.0.254 255.255.255.0</P><P></P><P></P><P>Change the ip address and you may find it works.. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Tue, 17 Jan 2006 09:54:56 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440022#M528621 itchampnz 2006-01-17T09:54:56Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440023#M528624 <HTML><HEAD></HEAD><BODY><P>Of course I did use the correct IP@ to ping. This is just a mistake in my firt post...</P><P></P><P>I don't think the problem comes from this...</P></BODY></HTML> Tue, 17 Jan 2006 12:47:00 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440023#M528624 gaetan.allart 2006-01-17T12:47:00Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440024#M528626 <HTML><HEAD></HEAD><BODY><P>I'm having the same issue of not being able to use the subinterfaces. Has this issues been resolved? If so were can I obtain the configuration in order to use the subinterfaces in multiple context mode.</P></BODY></HTML> Wed, 08 Mar 2006 20:39:05 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440024#M528626 info4work 2006-03-08T20:39:05Z https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440025#M528629 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Yes it's been resolved. The problem was coming from my switch configuration. Actually, you have to configure a trunk link between the switch and the PIX that allow the 2 Vlan IDs. Then you configure each Vlan Id on the other 2 swich interfaces.</P><P></P><P>I guess I backed-up the configuration file. I'll post it there as soon as I get to to work.</P></BODY></HTML> Thu, 09 Mar 2006 07:32:20 GMT https://community.cisco.com/t5/network-security/cisco-pix-7-0-multi-contexts-configuration/m-p/440025#M528629 gaetan.allart 2006-03-09T07:32:20Z