question pix firewall

Discussion in 'Cisco' started by Julian Dragut, Apr 7, 2005.

  1. Hi,

    I have a quick question in regards to some dropped packets.

    I have a T1 from Bell, that goes into their "managed router" and then into
    my PIX Firewall.
    From time to time I have to call bell to reset the router because the
    internet goes down, and they keep on telling me that the problem is not on
    their side, and that they see a lot of dropped packets in the router's log.

    I've asked them several times now, to send those logs as I don't have access
    to the router, and I cannot see anything wrong in PIX's log either (not that
    pix is very good at reporting)...

    What /how can I see if there's something wrong with either of the setup
    /devices?

    Any idea would be much appreciated!

    Julian Dragut
    Julian Dragut, Apr 7, 2005
    #1

  2. Julian Dragut

    BradReeseCom Guest

    Hi Julian,

    You may be experiencing the PIX's "shun" feature. When the PIX sees a
    large amount of traffic from a source it may "shun" the traffic for a
    period of time.

    Sincerely,

    Brad Reese
    BradReese.Com Cisco Resource Center
    Toll Free: 877-549-2680
    International: 828-277-7272
    Website: http://www.bradreese.com/cisco-pix-7-0.htm
    BradReeseCom, Apr 7, 2005
    #2

  3. In article <>,
    BradReeseCom <> wrote:
    :You may be experiencing the PIX's "shun" feature. When the PIX sees a
    :large amount of traffic from a source it may "shun" the traffic for a
    :period of time.

    PIX 6.x does not have such a feature under that name. The PIX
    "shun" command has to be put in manually or sent to it by an IDS:
    the PIX never automatically does a "shun" by itself.

    The PIX does have "floodguard" and does have mechanisms in
    the 'static' command to control connection rates and the number
    of pending "half-open" connections, but "shun" is completely
    different than either of those.
    --
    I was very young in those days, but I was also rather dim.
    -- Christopher Priest
    Walter Roberson, Apr 8, 2005
    #3
  4. Julian Dragut

    Dumbkid Guest

    Whatever your PIX drops, your ISP should not see. You may have a physical
    problem? How do you connect to your ISP router? Xover cable? or a
    hub/switch? If your isp router has fastethernet, make sure to force your
    PIX outside interface to 100/Full. Next, I will try swapping out the cable
    between your isp router and pix.

    Tom


    "Julian Dragut" <> wrote in message
    news:pwf5e.9013$7Q4.6960@clgrps13...
    > Hi,
    >
    > I have a quick question in regards to some dropped packets.
    >
    > I have a T1 from Bell, that goes into their "managed router" and then into
    > my PIX Firewall.
    > From time to time I have to call bell to reset the router because the
    > internet goes down, and they keep on telling me that the problem is not on
    > their side, and that they see a lot of dropped packets in the router's log.
    >
    > I've asked them several times now, to send those logs as I don't have access
    > to the router, and I cannot see anything wrong in PIX's log either (not that
    > pix is very good at reporting)...
    >
    > What /how can I see if there's something wrong with either of the setup
    > /devices?
    >
    > Any idea would be much appreciated!
    >
    > Julian Dragut
    Dumbkid, Apr 8, 2005
    #4
  5. Thanks Tom,

    It was the half duplex interface causing the issue!
    Julian Dragut
    "Dumbkid" <> wrote in message
    news:Ltn5e.7839$...
    > Whatever your PIX drops, your ISP should not see. You may have a physical
    > problem? How do you connect to your ISP router? Xover cable? or a
    > hub/switch? If your isp router has fastethernet, make sure to force your
    > PIX outside interface to 100/Full. Next, I will try swapping out the cable
    > between your isp router and pix.
    >
    > Tom
    >
    >
    > "Julian Dragut" <> wrote in message
    > news:pwf5e.9013$7Q4.6960@clgrps13...
    > > Hi,
    > >
    > > I have a quick question in regards to some dropped packets.
    > >
    > > I have a T1 from Bell, that goes into their "managed router" and then into
    > > my PIX Firewall.
    > > From time to time I have to call bell to reset the router because the
    > > internet goes down, and they keep on telling me that the problem is not on
    > > their side, and that they see a lot of dropped packets in the router's log.
    > >
    > > I've asked them several times now, to send those logs as I don't have access
    > > to the router, and I cannot see anything wrong in PIX's log either (not that
    > > pix is very good at reporting)...
    > >
    > > What /how can I see if there's something wrong with either of the setup
    > > /devices?
    > >
    > > Any idea would be much appreciated!
    > >
    > > Julian Dragut
    Julian Dragut, May 12, 2005
    #5
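
The thread ends with a half-duplex interface as the cause. As an added example (not part of any post above), this Python sketch parses one interface block of `show interface` output and flags the counter patterns a duplex mismatch typically leaves behind; the sample text is constructed, modelled on the PIX 6.x layout, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the PIX 6.x "show interface" layout.
SAMPLE = """\
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0000.0000.0001
  MTU 1500 bytes, BW 100000 Kbit half duplex
        48211 packets input, 30918447 bytes, 0 no buffer
        Received 112 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        51903 packets output, 9120331 bytes, 0 underruns
        2714 output errors, 6120 collisions, 0 interface resets
        0 babbles, 2714 late collisions, 3391 deferred
"""

COUNTERS = ("runts", "input errors", "CRC", "collisions", "late collisions")

def parse_show_interface(text):
    """Extract interface name, duplex setting and error counters."""
    name = re.search(r"^interface (\S+)", text, re.M)
    duplex = re.search(r"\b(half|full) duplex", text)
    info = {"name": name.group(1) if name else None,
            "duplex": duplex.group(1) if duplex else None}
    for counter in COUNTERS:
        # The number must directly precede the label, so "collisions"
        # does not pick up the "late collisions" value.
        m = re.search(r"(\d+) " + re.escape(counter) + r"\b", text)
        info[counter] = int(m.group(1)) if m else 0
    return info

def duplex_findings(info):
    """Flag the counter patterns a duplex mismatch leaves on each side."""
    findings = []
    if info["duplex"] == "half":
        findings.append("port runs half duplex; check the router port setting")
        if info["late collisions"] > 0:
            findings.append("late collisions: far end is probably full duplex")
    elif info["duplex"] == "full" and (info["CRC"] or info["runts"]):
        findings.append("CRC errors/runts: far end is probably half duplex")
    return findings

if __name__ == "__main__":
    parsed = parse_show_interface(SAMPLE)
    print(parsed["name"], parsed["duplex"])
    for line in duplex_findings(parsed):
        print(" -", line)
```

Late collisions show up on the half-duplex side of a mismatch, while CRC errors and runts show up on the full-duplex side, so the same check is worth running against both devices when access allows.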