Pix 515E --> After a few minutes inside hosts lose internet and dmz

 
 
ForumKid
12-03-2008
Here is my issue. It's the strangest thing that I have been battling for 2 weeks now and I need some guidance because I'm just stuck against a wall.

After a few minutes, maybe 10, maybe 5, all clients on the inside interface lose internet access and lose access to the dmz. Once it happens, it happens for all users on the inside interface at the same exact time.

However, the dmz seems to never lose internet access. I think I'm missing or screwed something up with NAT/PAT, but I cannot be sure.

I've tried two separate firewalls. One on version 6.2(3) and 8.0(2) and it's the same issue, so it's most likely a config issue. I've bypassed all switches, changed cables, etc, so it's directly related to the firewall.

Also I know the static statements below are ridiculous, but I couldn't figure out how to give the entire inside interface access to the server on the dmz. That's a separate issue.

I only have one server on the dmz and the ip address is 192.168.2.2 and the gateway is obviously 192.168.2.200.

The only error I saw was an ARP collision on 192.168.1.200 which is the ip address of the inside interface, but when that popped up, users on the inside interface still had access to internet and dmz.

PIX Version 8.0(2)
!
hostname pixfirewall
enable password xxx encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address xx.xx.45.82 255.255.255.248
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.1.200 255.255.255.0
!
interface Ethernet2
nameif dmz
security-level 10
ip address 192.168.2.200 255.255.255.0
!
passwd xxx encrypted
ftp mode passive
access-list in_out extended permit ip any any
access-list dmz_out extended permit ip any any
access-list acl_out extended permit tcp any host xx.xx.45.83 eq 3389
pager lines 24
logging enable
logging console warnings
logging trap warnings
logging host inside 192.168.1.2
mtu outside 1500
mtu inside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 192.168.2.0 255.255.255.0
static (dmz,outside) xx.xx.45.83 192.168.2.2 netmask 255.255.255.255
static (inside,dmz) 192.168.1.24 192.168.1.24 netmask 255.255.255.255
static (inside,dmz) 192.168.1.14 192.168.1.14 netmask 255.255.255.255
static (inside,dmz) 192.168.1.3 192.168.1.3 netmask 255.255.255.255
static (inside,dmz) 192.168.1.4 192.168.1.4 netmask 255.255.255.255
static (inside,dmz) 192.168.1.5 192.168.1.5 netmask 255.255.255.255
static (inside,dmz) 192.168.1.6 192.168.1.6 netmask 255.255.255.255
static (inside,dmz) 192.168.1.7 192.168.1.7 netmask 255.255.255.255
static (inside,dmz) 192.168.1.8 192.168.1.8 netmask 255.255.255.255
static (inside,dmz) 192.168.1.9 192.168.1.9 netmask 255.255.255.255
static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
static (inside,dmz) 192.168.1.11 192.168.1.11 netmask 255.255.255.255
static (inside,dmz) 192.168.1.12 192.168.1.12 netmask 255.255.255.255
static (inside,dmz) 192.168.1.13 192.168.1.13 netmask 255.255.255.255
static (inside,dmz) 192.168.1.15 192.168.1.15 netmask 255.255.255.255
static (inside,dmz) 192.168.1.16 192.168.1.16 netmask 255.255.255.255
static (inside,dmz) 192.168.1.17 192.168.1.17 netmask 255.255.255.255
static (inside,dmz) 192.168.1.18 192.168.1.18 netmask 255.255.255.255
static (inside,dmz) 192.168.1.19 192.168.1.19 netmask 255.255.255.255
static (inside,dmz) 192.168.1.20 192.168.1.20 netmask 255.255.255.255
static (inside,dmz) 192.168.1.23 192.168.1.23 netmask 255.255.255.255
static (inside,dmz) 192.168.1.25 192.168.1.25 netmask 255.255.255.255
static (inside,dmz) 192.168.1.26 192.168.1.26 netmask 255.255.255.255
static (inside,dmz) 192.168.1.27 192.168.1.27 netmask 255.255.255.255
static (inside,dmz) 192.168.1.28 192.168.1.28 netmask 255.255.255.255
static (inside,dmz) 192.168.1.29 192.168.1.29 netmask 255.255.255.255
static (inside,dmz) 192.168.1.30 192.168.1.30 netmask 255.255.255.255
static (inside,dmz) 192.168.1.31 192.168.1.31 netmask 255.255.255.255
static (inside,dmz) 192.168.1.32 192.168.1.32 netmask 255.255.255.255
static (inside,dmz) 192.168.1.33 192.168.1.33 netmask 255.255.255.255
static (inside,dmz) 192.168.1.34 192.168.1.34 netmask 255.255.255.255
static (inside,dmz) 192.168.1.35 192.168.1.35 netmask 255.255.255.255
static (inside,dmz) 192.168.1.36 192.168.1.36 netmask 255.255.255.255
static (inside,dmz) 192.168.1.37 192.168.1.37 netmask 255.255.255.255
static (inside,dmz) 192.168.1.38 192.168.1.38 netmask 255.255.255.255
static (inside,dmz) 192.168.1.39 192.168.1.39 netmask 255.255.255.255
static (inside,dmz) 192.168.1.40 192.168.1.40 netmask 255.255.255.255
static (inside,dmz) 192.168.1.41 192.168.1.41 netmask 255.255.255.255
static (inside,dmz) 192.168.1.42 192.168.1.42 netmask 255.255.255.255
static (inside,dmz) 192.168.1.43 192.168.1.43 netmask 255.255.255.255
static (inside,dmz) 192.168.1.44 192.168.1.44 netmask 255.255.255.255
static (inside,dmz) 192.168.1.45 192.168.1.45 netmask 255.255.255.255
static (inside,dmz) 192.168.1.46 192.168.1.46 netmask 255.255.255.255
static (inside,dmz) 192.168.1.47 192.168.1.47 netmask 255.255.255.255
static (inside,dmz) 192.168.1.48 192.168.1.48 netmask 255.255.255.255
static (inside,dmz) 192.168.1.49 192.168.1.49 netmask 255.255.255.255
static (inside,dmz) 192.168.1.50 192.168.1.50 netmask 255.255.255.255
static (inside,dmz) 192.168.1.51 192.168.1.51 netmask 255.255.255.255
static (inside,dmz) 192.168.1.52 192.168.1.52 netmask 255.255.255.255
static (inside,dmz) 192.168.1.53 192.168.1.53 netmask 255.255.255.255
static (inside,dmz) 192.168.1.54 192.168.1.54 netmask 255.255.255.255
static (inside,dmz) 192.168.1.55 192.168.1.55 netmask 255.255.255.255
static (inside,dmz) 192.168.1.56 192.168.1.56 netmask 255.255.255.255
static (inside,dmz) 192.168.1.57 192.168.1.57 netmask 255.255.255.255
static (inside,dmz) 192.168.1.58 192.168.1.58 netmask 255.255.255.255
static (inside,dmz) 192.168.1.59 192.168.1.59 netmask 255.255.255.255
static (inside,dmz) 192.168.1.60 192.168.1.60 netmask 255.255.255.255
static (inside,dmz) 192.168.1.61 192.168.1.61 netmask 255.255.255.255
static (inside,dmz) 192.168.1.62 192.168.1.62 netmask 255.255.255.255
static (inside,dmz) 192.168.1.63 192.168.1.63 netmask 255.255.255.255
static (inside,dmz) 192.168.1.64 192.168.1.64 netmask 255.255.255.255
static (inside,dmz) 192.168.1.65 192.168.1.65 netmask 255.255.255.255
static (inside,dmz) 192.168.1.66 192.168.1.66 netmask 255.255.255.255
static (inside,dmz) 192.168.1.67 192.168.1.67 netmask 255.255.255.255
static (inside,dmz) 192.168.1.68 192.168.1.68 netmask 255.255.255.255
static (inside,dmz) 192.168.1.69 192.168.1.69 netmask 255.255.255.255
static (inside,dmz) 192.168.1.70 192.168.1.70 netmask 255.255.255.255
static (inside,dmz) 192.168.1.22 192.168.1.22 netmask 255.255.255.255
static (inside,dmz) 192.168.1.21 192.168.1.21 netmask 255.255.255.255
static (inside,dmz) 192.168.1.2 192.168.1.2 netmask 255.255.255.255
access-group acl_out in interface outside
access-group in_out in interface inside
access-group dmz_out in interface dmz
route outside 0.0.0.0 0.0.0.0 xx.xx.45.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 167.206.112.138
!
dhcpd address 192.168.1.2-192.168.1.70 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
prompt hostname context
Cryptochecksum:482f6b69b4e0b353a5bb6924c2ad84c8
: end
[OK]
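A review of the posted configuration, as an added example that is not part of the original post: a small Python audit that flags three things visible in the listing, namely the `permit ip any any` ACL bound to the lower-security dmz interface, the per-host identity statics that one subnet-wide `static` for the whole inside network would replace, and the `logging host` address that falls inside the `dhcpd` pool. The function name `audit` and the trimmed `CONFIG` excerpt are assumptions made for this example.

```python
import ipaddress
import re

# Trimmed excerpt of the configuration posted above (3 of its 69 inside->dmz host statics).
CONFIG = """\
nameif inside
security-level 100
ip address 192.168.1.200 255.255.255.0
nameif dmz
security-level 10
ip address 192.168.2.200 255.255.255.0
access-list in_out extended permit ip any any
access-list dmz_out extended permit ip any any
logging host inside 192.168.1.2
static (inside,dmz) 192.168.1.24 192.168.1.24 netmask 255.255.255.255
static (inside,dmz) 192.168.1.14 192.168.1.14 netmask 255.255.255.255
static (inside,dmz) 192.168.1.2 192.168.1.2 netmask 255.255.255.255
access-group in_out in interface inside
access-group dmz_out in interface dmz
dhcpd address 192.168.1.2-192.168.1.70 inside
"""

def audit(config):
    findings = []
    # nameif -> (security level, network the interface address belongs to)
    ifaces = {n: (int(lvl), ipaddress.ip_interface(f"{ip}/{mask}").network)
              for n, lvl, ip, mask in re.findall(
                  r"nameif (\S+)\s+security-level (\d+)\s+ip address (\S+) (\S+)", config)}
    top = max(lvl for lvl, _ in ifaces.values())
    open_acls = set(re.findall(r"access-list (\S+) extended permit ip any any", config))
    for acl, name in re.findall(r"access-group (\S+) in interface (\S+)", config):
        if acl in open_acls and name in ifaces and ifaces[name][0] < top:
            findings.append(f"{acl}: permit ip any any inbound on {name}")
    # Identity host statics (mapped == real, /32 mask) counted per interface pair
    pairs = {}
    for real, mapped, a, b in re.findall(
            r"static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255", config):
        if a == b and real in ifaces and ipaddress.ip_address(a) in ifaces[real][1]:
            pairs[(real, mapped)] = pairs.get((real, mapped), 0) + 1
    for (real, mapped), count in pairs.items():
        net = ifaces[real][1]
        findings.append(f"{count} host statics -> static ({real},{mapped}) "
                        f"{net.network_address} {net.network_address} netmask {net.netmask}")
    # Addresses the config treats as fixed that sit inside a DHCP pool on the same interface
    for lo, hi, name in re.findall(r"dhcpd address (\S+)-(\S+) (\S+)", config):
        for host in re.findall(rf"logging host {name} (\S+)", config):
            if ipaddress.ip_address(lo) <= ipaddress.ip_address(host) <= ipaddress.ip_address(hi):
                findings.append(f"logging host {host} is inside dhcpd pool {lo}-{hi}")
    return findings
```

Calling `audit(CONFIG)` returns one finding per check; the suggested subnet-wide static covers the whole inside /24, not only the DHCP range the host statics enumerate.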
 