Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
659
Views
0
Helpful
6
Replies

Inherited PIX 515 w/ ver. 6.2

jstewart73
Level 1
Level 1

‎04-12-2011 12:44 PM - edited ‎03-11-2019 01:19 PM

I have inherited a network for non-profit with limited funds.  Everything goes fine except intermittingly the PIX cuts off internet accesse (1-3 times a week). With my lack of knowledge/experience of PIX I have been simply powering down the PIX and turn it back on...  Internet traffic resumes and can't figure out why this is happening.  Was hoping someone could give me some suggestions of what and where to look for to why this is happening.

Labels:
0 Helpful
6 Replies 6

brquinn
Level 1
Level 1

‎04-12-2011 01:11 PM

Pix 6.2 is very old. I would suggest trying to upgrade to at least v6.3(5) since that will not involve any major config changes. From your description, I assume the outages last until you reload the Pix. Is that correct? Here are a few things you can check.

1) Run "show interface" and check the interface counters. Run the command again and make sure the counters are increasing.

2) Check the arp table with "show arp". Make sure the entries are correct. A duplicate IP address could change the arp entry of a critical route.

3) Do you have a syslog server setup? The logs will usually tell you exactly what is happening.

Pix 6.2 Command Reference

http://www.cisco.com/en/US/docs/security/pix/pix62/command/reference/cmdref.html

Pix 6.2 Configuration Guide

http://www.cisco.com/en/US/docs/security/pix/pix62/configuration/guide/config.html

Thanks,

Brendan

0 Helpful

jstewart73
Level 1
Level 1
In response to brquinn

‎04-12-2011 03:50 PM

1) Run "show interface" and check the interface counters. Run the command again and make sure the counters are increasing. (It appears they are increasing.)
2) Check the arp table with "show arp". Make sure the entries are correct. A duplicate IP address could change the arp entry of a critical route. (There isn't a duplicate IP)
3) Do you have a syslog server setup? (I do not and would like to set one up I have tftpd32 installed)
Is this the correct command?
ccmh-fw(config)# logging
ccmh-fw(config)# exit
ccmh-fw# wr mem
0 Helpful

brquinn
Level 1
Level 1

‎04-13-2011 07:32 AM

Ex:

logging host inside 10.1.1.1

logging trap

While troubleshooting, your logging level should be "debugging" (level 7). Be warned that this will generate a lot of logs.

Thanks,

Brendan

0 Helpful

jstewart73
Level 1
Level 1
In response to brquinn

‎05-10-2011 02:32 PM

I have configured a log server and set the trap to 7.  What should I be looking for any particular activity or message?

0 Helpful

brquinn
Level 1
Level 1
In response to jstewart73

‎05-10-2011 03:07 PM

Ja,

Keep careful note of the times when the problem occurs. Then you can look at the logs at the time of the issue to try and determine what happened. You can also connect to the Pix at the time of the failure with a console cable and check for basic connectivity. Try to ping, verify the arp table, etc.

Thanks,

Brendan

0 Helpful

jstewart73
Level 1
Level 1

‎05-02-2011 08:38 AM

Still figuring how to do the log server. Before I do that. I just had a server problem restarting due to noncompatible back up power supply. Could a bad APC cause the above problem?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card