Cisco 515 PIX, global addresses, no internet, help

 
 
djone
Guest
Posts: n/a
 
      12-07-2007
Ok. I am having the weirdest problem and I can't tell where the fault
lies. So here is the situation:

The other day we started experiencing a random internet outage. Well,
after some testing what I found out was that the firewall wasn't
allowing any traffic past it for some odd reason. So after some more
testing I found out that if I removed all the global addresses and
made the company just use one PAT address then everyone could access
the internet and get past the PIX. At first I thought that maybe we had
exhausted all of our IPs and the system was having a hard time
building the translations. But me being a newbie at this means that
I'm probably wrong. I went through every config line by hand and
can't see where we would be blocking a whole range of IPs but then
allowing one single IP to leave. I even checked our external router
and I didn't see anything that would have caused such a problem. I
mean my thinking is that if a whole range of IPs is blocked or not
working, that would mean that even the PAT address I'm using would be
blocked also. So after some more testing and increasing the logging, I
came across this:

Dec 6 17:28:45 192.168.4.1 %PIX-6-609001: Built local-host inside:192.168.4.81
Dec 6 17:28:45 192.168.4.1 %PIX-6-305009: Built dynamic translation from inside:192.168.4.81 to outside:##.##.##.##
Dec 6 17:28:45 192.168.4.1 %PIX-6-302013: Built outbound TCP connection 4243573 for outside:64.246.26.120/80 (64.246.26.120/80) to inside:192.168.4.81/2032 (##.##.##.##/2032)
Dec 6 17:28:51 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1872 to 72.14.253.125/443 flags PSH ACK on interface inside
Dec 6 17:28:51 192.168.4.1 %PIX-6-302013: Built outbound TCP connection 4243646 for outside:72.14.253.125/5222 (72.14.253.125/5222) to inside:192.168.4.81/2033 (12.179.97.46/2033)
Dec 6 17:28:53 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1875 to 216.155.193.168/5050 flags PSH ACK on interface inside
Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1896 to 64.12.26.90/5190 flags PSH ACK on interface inside
Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1927 to 205.188.13.36/5190 flags FIN ACK on interface inside
Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1920 to 205.188.176.105/5190 flags FIN ACK on interface inside
Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1917 to 205.188.248.146/5190 flags FIN ACK on interface inside
Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1914 to 205.188.153.2/5190 flags FIN ACK on interface inside
Dec 6 17:29:07 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1977 to 207.46.111.19/1863 flags PSH ACK on interface inside

Does this even matter at all? Any help would be much appreciated,
especially since I'm very new to the networking world. Thank you.
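
An added example, not part of the original post: message 106015 is logged when a TCP packet matches no entry in the PIX connection table, so this Python sketch correlates the 106015 denies in the excerpt above with its 302013 builds (a subset of the posted lines, unwrapped) and reports whether any denied packet was a new SYN or belonged to a connection built within the capture. The function name `analyze` and the result keys are chosen for this example, and the source-port comparison is only a heuristic that assumes the client allocates ephemeral ports in increasing order.

```python
import re
from collections import Counter

# Subset of the log lines posted above, unwrapped to one message per line.
SAMPLE = """\
Dec 6 17:28:45 192.168.4.1 %PIX-6-302013: Built outbound TCP connection 4243573 for outside:64.246.26.120/80 (64.246.26.120/80) to inside:192.168.4.81/2032 (##.##.##.##/2032)
Dec 6 17:28:51 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1872 to 72.14.253.125/443 flags PSH ACK on interface inside
Dec 6 17:28:51 192.168.4.1 %PIX-6-302013: Built outbound TCP connection 4243646 for outside:72.14.253.125/5222 (72.14.253.125/5222) to inside:192.168.4.81/2033 (12.179.97.46/2033)
Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1927 to 205.188.13.36/5190 flags FIN ACK on interface inside
Dec 6 17:29:07 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1977 to 207.46.111.19/1863 flags PSH ACK on interface inside
"""

BUILT = re.compile(r"%PIX-6-302013: Built outbound TCP connection \d+ for "
                   r"outside:(\S+)/(\d+) \(\S+\) to inside:(\S+)/(\d+)")
DENY = re.compile(r"%PIX-6-106015: Deny TCP \(no connection\) from (\S+)/(\d+) "
                  r"to (\S+)/(\d+) flags (.+?) on interface (\S+)")

def analyze(text):
    """Correlate 106015 denies with 302013 builds seen in the same capture."""
    built = set()   # (inside_ip, inside_port, outside_ip, outside_port)
    denies = []
    for line in text.splitlines():
        m = BUILT.search(line)
        if m:
            o_ip, o_port, i_ip, i_port = m.groups()
            built.add((i_ip, int(i_port), o_ip, int(o_port)))
            continue
        m = DENY.search(line)
        if m:
            s_ip, s_port, d_ip, d_port, flags, _iface = m.groups()
            key = (s_ip, int(s_port), d_ip, int(d_port))
            denies.append({"flow": key, "flags": flags,
                           "syn": "SYN" in flags.split(),
                           "built_in_capture": key in built})
    return {
        "built": len(built),
        "denies": len(denies),
        "orphaned": sum(not d["built_in_capture"] for d in denies),
        "new_attempts": sum(d["syn"] for d in denies),
        "flags": Counter(d["flags"] for d in denies),
        "max_denied_sport": max((d["flow"][1] for d in denies), default=None),
        "min_built_sport": min((b[1] for b in built), default=None),
    }

if __name__ == "__main__":
    for name, value in analyze(SAMPLE).items():
        print(f"{name}: {value}")
```

On these lines every deny is a non-SYN packet (PSH ACK or FIN ACK) on a flow the excerpt never shows being built, and the denied source ports (up to 1977) are all below those of the newly built connections (2032 and 2033).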
 
BoBraxton
Junior Member
Join Date: Jul 2006
Posts: 11
 
      12-20-2007
We have a 515 PIX and all our stuff is working except VPN, which began failing "Authentication Failed" (at client) sometime in October. Do you also do VPN with yours? I, too, am totally new.
 