Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1102
Views
0
Helpful
5
Replies

PIX 506e

CiscoATC
Level 1
Level 1

‎07-21-2005 07:15 PM

Hi,

I have a PIX 506e (6.3(4)) and for some odd reason, the device simply stops passing traffic after 24 hrs. Once rebooted it works for another 24 hrs and then does it again.

Network is as follows:

Users to Hub, Hub to PIX, PIX connects to Cayman dsl 4 port Router, static IP from ISP, route statements are good.

The config isn't lost because it starts working again after a reboot...

Did I miss something when I originally configured it (regarding some kind of time constraint)?

Thanks for any help,

Jim

Labels:
0 Helpful
5 Replies 5

ehirsel
Level 6
Level 6

‎07-23-2005 05:25 PM

Run the show version command on the pix, and look what type of license is in use.

Do you have the pix configured in a failover cluster?

You may have the unit using a key that is somehow seen as a failover license key with no corresponding pix that is running a restricted or unrestricted license key that is active. In addition the serial failover cable on the pix 506e in question may need to be connected to the pix.

The 24 hour period is normal for a pix with a failover lic that has no connection to a pix with another type of lic. Note that the serial cable not being installed can cause this issue as the secondary pix expects to be connected to the primary pix in a failover cluster.

Let me know what you find.

0 Helpful

CiscoATC
Level 1
Level 1
In response to ehirsel

‎07-24-2005 04:20 AM

It is a simple network. No failover and/or cluster in place.

The following is the sho ver output:

Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz

Flash E28F640J3 @ 0x300, 8MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 0014.6af2.ef88, irq 10

1: ethernet1: address is 0014.6af2.ef89, irq 11

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces: 2

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has a Restricted (R) license.

How would I know if I have a failover lic? If the Failover is "disabled" (from above data), does that mean I could still have a Failover Lic...just not connected?

Here is what I have done in the interim: A few days ago, I enabled and set CA and "saved all" for SSH connectivity. I have not yet heard back from the client if they have lost Internet access yet...and it has been about 3 days.

thanks,

Jim

0 Helpful

m.lestoquoy
Level 1
Level 1
In response to CiscoATC

‎07-25-2005 11:48 PM

Failover feature is not available on Pix 506E...

The first one having this feature is PIX-515-UR

0 Helpful

m.lestoquoy
Level 1
Level 1

‎07-25-2005 11:50 PM

When the problem occurs, you should check ARP resolutions.

Does the workstation resolve Pix-Inside IP ?

Does Pix resolve workstations IPs ?

Does Pix resolve Cayman's IP

Does Cayman resole Pix-Outside IP ?

24 hours can be a ARP timeout.

0 Helpful

CiscoATC
Level 1
Level 1
In response to m.lestoquoy

‎07-26-2005 03:00 AM

I will check it today as I am due for this to occur by 10 am EST.

I will post answers to your questions when it happens.

thanks,

Jim

0 Helpful
Customers Also Viewed These Support Documents