I have 6.3.3 pix os

i believe tcp syslog

Static ip addresses on the pix and hard coded duplex and speed on the pix and switch. (Router is 2501 10/half and pix outside is 10baseT hardcoded, switch is 2950 100 full hardcoded and pix is 100 full hardcoded).

Ok - in general, the Pix will stop forwarding traffic if the TCP Syslog server is not reachable. I do not think this is what is happening in your case, but it's worth mentioning.

By attempting your SSH session to the Pix, the router could be forced to ARP to resolve the Pix's IP address into a MAC address so it can forward the L2 packet to it.

I wonder if the problem could be in the router IOS?

Have you hard-coded the ARP entries on either the Pix or the Router for the other?

thanks

peter

no i have not, i just tried and the router gave me the following error:

Bad ARP command - Interface may only be specified when bridging IP

When I do a show arp on the pix, it only shows inside address nothing for the outside address.

any suggestion on how i should hardcode it?

Also, just to let you know, i can ping the outside interface of the pix before i ssh into it and still nothing. I have tried to telnet (which I have turned off) to it and nothing. the only way so far was to ssh to the outside and then the inside interface is pingable and people can access the internet and tunnel again.

Rick

as of 7/8/2004,, it went down again today. it has been about 2 days since the reload of the pix.

the syslog did not go in until the issue arose so thats not it.

I have changed routers, and IOS on the router.

Went down in the middle of the day when people were able to get thru it and all of a sudden could not get thru the pix or ping the inside interface. I have set arp entry on the pix manual for the router. as soon as I ssh into the pix the link was up and could ping the inside interface from a server in that location. When I first put this in it worked without any issues for a month or so. then it started and no matter what i seem to do nothing has helped. I was wondering if something on the inside is doing it. I have thought about putting a router between the pix and switch to turn off everything but unicast. but if it continues then i am hosed as i am out of ideas.

Rick

This cannot be much fun. I am sorry this is happening.

What type of user license in on the pix 501?

Since this continues to impact your business, I would suggest opening a TAC Case at Priority 2 (if business is currently down) or 3 to see if there may be an interim engineering release that addresses your issue.

I'd refer them to the link for this conversation to show them your troubleshooting that you have already done.

thanks

peter

i have the k9 bundle unlimted users. I have a tac case number but thought not much help so far. Thought I would see if anyone else had any ideas.

Rick

yep, int 13 other locations. and no issues.

Friday I just put in a router between the pix and switch. so now it goes router>pix>router>switch. I did this to see if it still goes down. If it doesnt go down i know it was an inside issue. if it does, then I know its outside related. If it runs for more than 7 days without going down, i know it was an inside issue (i think).