Re: PIX port not working

shabiersayed · ‎12-27-2004

Hi,

I have Cisco PIX 515-E-UR with 6 interfaces. DMZ2 some times its working and sometimes not. I used PDM to see the status interface and showed as DOWN. Can anybody help me how to troubleshoot this issue. Is there any hardware problem?

rpathani · ‎12-27-2004

Hi, I have couple of questions from you:

1) Is the Pix-515E in failover ?

2) Do you have a switch connected to DMZ2 and if so then make sure you have hardcode the speed of the DMZ2 interface as well as that of the directly connected switch.

3) show interface DMZ2

Does the above command show you any errors on the interface... specially and CRC or deferred errors? And if so then try changing the cables.

4) What is the security level of DMZ2 interface? Make sure that is should not be same as that of any other interface.

5) If possible, could you upload the output of "show tech" from the Pix?

Regards,

Rahul Pathania.

shabiersayed · ‎12-28-2004

Yes Rahul,

I found lots of CRC and Interface Packet Errors. I saw there is a huge Input Errors (360) CRC (200) Deferred (2). I changed the cable but still it shows the same. I configured the interface speed to 10half as well.Do you think is there any problem with Port or Firewall?

Patrick Iseli · ‎12-28-2004

That sounds like DUPLEX MODE errors.

You have two choices to fix that:

1.) Set Duplex on both the PIX and the Switch to the same duplex mode. Lets say 100MB Full Duplex.

2.) Set both to Auto negotiation.

sincerely

Patrick

rpathani · ‎12-28-2004

Hi Shabier,

CRC errors refer to cabling issue and input erros refer to interface speed mismatch due to which you would see deferred packets as well.

There should not be any issues with the port on the firewall however i woudl recommend you to chenge the speed of the interface to:

either

interface DMZ2 auto

or to

interface DMZ2 100full

and then give the command:

clear interface

this would reset the interface counters to 0 so you may monitor the errors on the interface after making the changes.

rpathani · ‎12-28-2004

Hi Shabier,

CRC errors refer to cabling issue and input erros refer to interface speed mismatch due to which you would see deferred packets as well.

There should not be any issues with the port on the firewall however i woudl recommend you to chenge the speed of the interface to:

either

interface DMZ2 auto

or to

interface DMZ2 100full

and then give the command:

clear interface

this would reset the interface counters to 0 so you may monitor the errors on the interface after making the changes.

shabiersayed · ‎12-29-2004

Hi Rohit,

This option i tried long back like changing the cable and setting the speed of the interface to 10full (half as well). But still the problem exists. I wonder where if i get any hint to troubleshoot. Any way i opened a query with TAC lets see..

Patrick Iseli · ‎12-29-2004

Onother way to troubleshoot that would be to put a packet sniffer to that interface.

Note: But a real packet sniffer that is able to see also physical problems, not all network cards are able to see them, they are silently droped.

sincerely

Patrick

shabiersayed · ‎12-31-2004

Hi rohit,

Actually that is the problem with Linksys router, which is not accepting any changes in speed. After client replaces his router this problem is sorted out. Thanks for your help.