Odd behavior behind the PIX

Discussion in 'Cisco' started by Charles Haron, Apr 21, 2004.

  1. Hello,

    I'm not sure if this is a PIX problem or Linux problem, but here it is:

    If I connect to my PIX 515 using the VPN client, or through a PIX 501 at
    another site, I cannot hit my Linux box (no telnet, ping, etc.). Users
    on the inside of PIX can always hit the Linux box just fine.

    HOWEVER, if I open a VNC session to a Windows box (on the 515 side) on
    the same VPN connection, and then ping or telnet to the Linux from the
    Windows box, subsequent non-VNC connections through the VPN are
    successful.

    It's as if hitting the Linux box through a VNC session somehow "wakes" up
    the NIC. This doesn't make much sense.

    Any suggestions?

    Chuck
     
    Charles Haron, Apr 21, 2004
    #1

  2. :If I connect to my PIX 515 using the VPN client, or through a PIX 501 at
    :another site, I cannot hit my Linux box (no telnet, ping, etc.). Users
    :on the inside of PIX can always hit the Linux box just fine.

    :HOWEVER, if I open a VNC session to a Windows box (on the 515 side) on
    :the same VPN connection, and then ping or telnet to the Linux from the
    :Windows box, subsequent non-VNC connections through the VPN are
    :successful.

    :It's as if hitting the Linux box through a VNC session somehow "wakes" up
    :the NIC. This doesn't make much sense.

    I'd suggest checking the PIX with "show arp" before and after the VNC
    session.

    If I were to guess, it would be that you have an inconsistency in the
    netmasks, with the PIX inside interface's netmask not matching the
    one used by the Linux box. Then, when the PIX arp's for the IP, it
    doesn't get a response.

    If you have 6.3, you should be able to use the 'capture' command to
    trace specific packets. If you have an earlier software rev, there's
    always turning on packet level debugging on the outside interface.
     
    Walter Roberson, Apr 21, 2004
    #2