Cisco 515 PIX, global addresses, no internet, help

Discussion in 'Cisco' started by djone, Dec 7, 2007.

  1. djone

    djone Guest

    Ok. I am having the weirdest problem and I can't tell where the fault
    lies. So here is the situation:

    The other day we started experiencing a random internet outage. Well
    after some testing what I found out was that the firewall wasn't
    allowing any traffic past it for some odd reason. So after some more
    testing I found out that if I removed all the global addresses and
    made the company just use one PAT address then everyone could access
    the internet and get past the PIX. At first I thought that maybe we had
    exhausted all of our IPs and the system was having a hard time
    building the translations. But me being a newbie at this means that
    I'm probably wrong. I went through every config line by hand and
    can't see where we would be blocking a whole range of IPs but then
    allowing one single IP to leave. I even checked our external router
    and I didn't see anything that would have caused such a problem. I
    mean my thinking is that if a whole range of IPs is blocked or not
    working, that would mean that even the PAT address I'm using would be
    blocked also. So after some more testing and increasing the logging, I
    came across this:

    Dec 6 17:28:45 192.168.4.1 %PIX-6-609001: Built local-host inside:
    192.168.4.81
    Dec 6 17:28:45 192.168.4.1 %PIX-6-305009: Built dynamic translation
    from inside:192.168.4.81 to outside:##.##.##.##
    Dec 6 17:28:45 192.168.4.1 %PIX-6-302013: Built outbound TCP
    connection 4243573 for outside:64.246.26.120/80 (64.246.26.120/80) to
    inside:192.168.4.81/2032 (##.##.##.##/2032)
    Dec 6 17:28:51 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1872 to 72.14.253.125/443 flags PSH ACK on
    interface inside
    Dec 6 17:28:51 192.168.4.1 %PIX-6-302013: Built outbound TCP
    connection 4243646 for outside:72.14.253.125/5222 (72.14.253.125/5222)
    to inside:192.168.4.81/2033 (12.179.97.46/2033)
    Dec 6 17:28:53 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1875 to 216.155.193.168/5050 flags PSH ACK on
    interface inside
    Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1896 to 64.12.26.90/5190 flags PSH ACK on interface
    inside
    Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1927 to 205.188.13.36/5190 flags FIN ACK on
    interface inside
    Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1920 to 205.188.176.105/5190 flags FIN ACK on
    interface inside
    Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1917 to 205.188.248.146/5190 flags FIN ACK on
    interface inside
    Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1914 to 205.188.153.2/5190 flags FIN ACK on
    interface inside
    Dec 6 17:29:07 192.168.4.1 %PIX-6-106015: Deny TCP (no connection)
    from 192.168.4.81/1977 to 207.46.111.19/1863 flags PSH ACK on
    interface inside

    Does this even matter at all? Any help would be much appreciated,
    especially since I'm very new to the networking world. Thank you.
    djone, Dec 7, 2007
    #1
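
An added example, not part of the original thread: a small triage script for syslog in the format quoted in the post above. It separates %PIX-6-106015 "Deny TCP (no connection)" entries for flows that have a %PIX-6-302013 "Built" entry in the same capture from flows that never do. The sample lines are constructed (outside addresses are documentation addresses), and the function name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the syslog excerpt above; outside
# addresses are RFC 5737 documentation addresses, not values from the post.
SAMPLE = """\
Dec 6 17:28:45 192.168.4.1 %PIX-6-305009: Built dynamic translation from inside:192.168.4.81 to outside:203.0.113.10
Dec 6 17:28:45 192.168.4.1 %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.4.81/2032 (203.0.113.10/2032)
Dec 6 17:28:51 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1872 to 198.51.100.9/443 flags PSH ACK on interface inside
Dec 6 17:28:59 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/1927 to 198.51.100.20/5190 flags FIN ACK on interface inside
Dec 6 17:29:02 192.168.4.1 %PIX-6-106015: Deny TCP (no connection) from 192.168.4.81/2032 to 198.51.100.7/80 flags ACK on interface inside
"""

MSG = re.compile(r"%PIX-\d-(\d{6}): (.*)")
BUILT = re.compile(r"Built \w+ TCP connection \d+ for \w+:(\S+)/(\d+) \(\S+\) to \w+:(\S+)/(\d+)")
DENY = re.compile(r"Deny TCP \(no connection\) from (\S+)/(\d+) to (\S+)/(\d+) flags (.+?) on interface (\S+)")

def triage(text):
    """Split 106015 denies into flows that were built during this capture
    ("torn_down": removed from the connection table before the endpoints
    finished) and flows with no Built entry in the capture ("stale")."""
    built = set()
    result = {"stale": [], "torn_down": [], "flags": Counter()}
    for line in text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg_id, body = m.groups()
        if msg_id == "302013" and (b := BUILT.match(body)):
            out_ip, out_port, in_ip, in_port = b.groups()
            built.add((in_ip, in_port, out_ip, out_port))
        elif msg_id == "106015" and (d := DENY.match(body)):
            # Assumption: denies are logged on the inside interface, as in
            # the excerpt, so the source is the real inside host and port.
            src, sport, dst, dport, flags, _ifc = d.groups()
            flow = (src, sport, dst, dport)
            result["torn_down" if flow in built else "stale"].append(flow)
            result["flags"][flags] += 1
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```
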

  2. BoBraxton

    BoBraxton

    Joined:
    Jul 6, 2006
    Messages:
    11
    515 PIX for VPN 'Authentication failed' at client

    We have a 515 PIX and all our stuff is working except VPN, which began failing "Authentication Failed" (at client) sometime in October. Do you also do VPN with yours? I, too, am totally new.
    BoBraxton, Dec 20, 2007
    #2