Lost connection to PIX

todtaylor — Fri, 21 Feb 2020 07:10:25 GMT

I have a very basic config on a PIX515E with 6.3(1). Approx. every 10 min I loose connection with the firewall from an inside host and can not get out to the internet or use PDM. The firewall can not ping the inside host. Below is the config.

If I submit the clear arp command I get connection back. Why? Is this something to do with the license which is restricted? Show arp gives me 4 lan addresses on the outside interface and the one host on the inside interface for a total of 5.

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

hostname firewall

domain-name nnn.nnn.nnn

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

pager lines 24

logging on

mtu outside 1500

mtu inside 1500

mtu intf2 1500

ip address outside xxx.xxx.xxx.nnn 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm location 192.168.1.20 255.255.255.255 inside

pdm history enable

arp timeout 14400

global (outside) 1 xxx.xxx.xxx.ttt-xxx.xxx.xxx.www netmask 255.255.255.0

global (outside) 1 xxx.xxx.xxx.yyy

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.20 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

telnet timeout 5

ssh timeout 20

console timeout 0

terminal width 80

Re: Lost connection to PIX

ramesh.krishnan — Fri, 26 Dec 2003 05:48:12 GMT

i also had somewhat the same trouble with the PIX...just try out this command and see...

sysopt noproxyarp inside

Ramesh

Re: Lost connection to PIX

t.moxon — Thu, 08 Jan 2004 15:57:35 GMT

Try checking your license connections.

Do a 'show local-host' and look for denied connections. Compare this to your licensed connections in the 'show version'.

sh local-host

Interface inside: 5 active, 8 maximum active, 0 denied

topic Re: Lost connection to PIX in Network Security

Lost connection to PIX

Re: Lost connection to PIX

Re: Lost connection to PIX