09-12-2005 04:52 AM - edited 02-21-2020 12:23 AM
I am in the process of upgrading a Cisco PIX 506 to a 506e; however, I am not having much luck. I copied the existing PIX configuration from the 506 to the new PIX, with the exception of the ALIAS statement. These were removed since the web-based configuration tool doesn't support it. Based on the configuration, this shouldn't be a problem, however. For some reason the 506 was set up to do reverse NAT, and this function is not necessary based on the environment and network. We are, however, using static NAT.
Here's what happens. When I plug in the new 506e, most everyone can access the outside interface and reach the Internet. However, certain IP addresses (I've found two so far) are blocked. Those that can access the Internet can't access the internal web server except by IP address. They receive an error when using a name. Outside folks can access the internal websites without a hitch.
I tried adding the DNS option to my NAT statement, and this allowed access to the internal servers by name, but then no one could access the OUTSIDE interface.
If I plug the original PIX 506 back in, everything works fine. I have been over my configuration many times, and nothing stands out as being different.
Any ideas....I would appreciate any help I could get.
Thanks.
Scott
09-12-2005 07:16 AM
Scott,
It would be interesting to see both configurations (post them here, taking out any sensitive info). Also, if you have a router in front of the PIX, can you clear the ARP on the router and on the PIX too?
Let me know if this helps.
Jay
09-13-2005 08:23 AM
Hi Jay,
Thanks for responding. The PIX firewall is the only device on the perimeter. There isn't another router. I would prefer to send the configs directly to you versus posting them on the forum. Let me know if this is OK to do. I appreciate you taking the time to help me with this.
Scott
09-13-2005 11:21 AM
Scott,
No problem, send to jmia@ohgroup.co.uk and I'll take a look. What I meant by clearing the ARP on the router is to clear the ARP on your perimeter router that connects to your ISP. It would be interesting to see your network topology too.
Jay