Problem with PIX/WAP connectivity

Discussion in 'Cisco' started by dilan.weerasinghe, Sep 10, 2006.

  1. Hi

    I have a lab set up as follows;

    Speedtouch 836 ADSL router - PIX 506 - Cisco 2924 switch - Linkysys
    wireless G WAP

    Public IP block: x.x.x.192/28
    Router: x.x.x.198
    PIX Outside: x.x.x.193
    PIX Inside VLAN1:
    PIX Inside VLAN2:

    If I remove the PIX from the network and configure the Speedtouch to
    carry out NAT and DHCP then the WAP works fine.
    If I am connected to the 2924 switch via wire (and the WAP is taken out
    of the equation) then there is no issue either.
    However, when the PIX and WAP are both being used, my laptop's wireless
    connection loses internet capability periodically (say around every
    10-20mins). I can still ping the inside interface of the PIX, however
    cannot telnet to it or ping any other sites or the router's address.
    Nor can I even browse to the PDM (provided I am on the correct VLAN),
    even though I can ping the inside interface. If I was connected to the
    PIX via a telnet connection, then I am disconnected.
    After about 5-6 mins, the connection is restored and it everything
    works ok again.

    Sh conf from PIX:

    PIX Version 6.3(4)
    interface ethernet0 10baset
    interface ethernet1 10baset
    interface ethernet1 vlan2 logical
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif vlan2 guest security50
    enable password **** encrypted
    passwd **** encrypted
    hostname pixfirewall
    clock timezone GMT/BST 0
    clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    access-list outside_access_in remark Allow ICMP traffic
    access-list outside_access_in permit icmp any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside x.x.x.193
    ip address inside
    ip address guest
    ip audit info action alarm
    ip audit attack action alarm
    pdm location inside
    pdm location inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0 0
    nat (guest) 1 0 0
    access-group outside_access_in in interface outside
    route outside x.x.x.198 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address inside
    dhcpd address guest
    dhcpd dns y.y.y.100 y.y.y.200
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside
    dhcpd enable guest
    username **** password **** encrypted privilege 15
    terminal width 80
    : end

    Does anyone have any ideas?

    Many tia
    dilan.weerasinghe, Sep 10, 2006
    1. Advertisements

  2. dilan.weerasinghe

    Merv Guest

    Have you tried upgrading to 6.3(5) ?
    Merv, Sep 10, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.