PIX 515E ARP issue

mukundh86 · ‎04-26-2012

I have pix 515e Version 6.3(5). After installing it, it worked well for like 2-3 hours and all of a sudden stopped working. There were no crashes as such.

The firewall had an external IP address of 1.1.1.2 with a default route pointed to 1.1.1.1 which is a 6500 core switch. I was not able to ping 1.1.1.1from the firewall. I tried connecting to different ports on the switch but no success and also connected the firewall to may laptop ( giving my laptop 1.1.1.1) and still no success.

One of the things i found is that when the firewall pings 1.1.1.1 , it sends icmp echos but doesnot receive anything back ( both in case of switch and laptop). I checked the configs and icmp has been allowed. I found that while on the ARP table of firewall i could see 1.1.1.1 but on ARP table of switch i couldn't see 1.1.1.2. I tried clearing arp entries but that did not help.

Has anyone faced this issue before?

Thanks

Mukundh

mukundh86 · ‎04-28-2012

Hello all,

I would like to add something here.

The pings started working when i added the "failover active" command. When i do the "no failover" command, it stops.

Not sure why this is happening.

Thanks

Mukundh

Dan-Ciprian Cicioiu · ‎04-28-2012

Hi Mukundh,

I would recommend you to upgrade the software of the PIX.

The last version is 8.(0)4, but anything starting with 7.1 would be fine.

Dan

mukundh86 · ‎04-28-2012

Hi Dan,

Can you suggest me a good IOS to load into the PIX that would upgrade it to 7.1 or higher version?

Iam unable to look it up in cisco website.

Thanks

Mukundh

Dan-Ciprian Cicioiu · ‎04-28-2012

If you do not have access, you must contact your partner.

If you want to know the SW version, would personally go to 8.0(2).

Dan