Still problem with PIX and Solaris-Please help

Discussion in 'Cisco' started by Rob, Mar 21, 2005.

  1. Rob

    Rob Guest

    I tried everything (DNS check, reboot all devices, etc.), however still having
    problem only on the Solaris box. For some reason it cannot communicate with PIX
    at all, all other Windows machines are OK. Is there anything like MTU or
    other setting I have to change in order to get Solaris to talk to PIX?
    Thanks for any help-Rob

    --Original Problem---
    Hi,

    Recently I replaced my old firewall with a Cisco PIX, and translated all
    commands, now everything seems to be fine except I cannot get out from my
    Sun 5.8 (no ping and traceroute outside), also I cannot open a page (port
    80) on this box from outside, this is the only Unix based machine I have, and
    all other servers and workstations are Windows and they seem to be fine. I
    deleted the MAC address for the old firewall using arp -d but it didn't work.
    Does anyone know how to fix this problem?



    Thanks in advance for any help.
     
    Rob, Mar 21, 2005
    #1

  2. :I tried everything (DNS check, reboot all devices, etc.), however still having
    :problem only on the Solaris box. For some reason it cannot communicate with PIX
    :at all, all other Windows machines are OK. Is there anything like MTU or
    :other setting I have to change in order to get Solaris to talk to PIX?

    There shouldn't be.

    Drop in ethereal or tcpdump and watch the connection attempt.

    Make sure that the Solaris system is broadcasting its ARP requests
    in a way that the PIX can receive them -- the old old standard
    for SunOS was to use the base (all 0's in the host part) network address
    as the broadcast address instead of the upper (all 1's in the host part)
    network address.

    See which end is responding and which end isn't. Create an
    access list and a 'capture' against the inside interface of the PIX
    and see if the packet is considered to have gotten there
    (note: 'capture' is an exception to the general rule that access-lists
    will be read "backwards" for incoming traffic.)

    show arp on the PIX and see if it knows the Solaris system. ping
    from the PIX towards the Solaris system and see what happens --
    one-way flows on the ARPs are known to happen, particularly if the
    netmask is wrong somewhere.
     
    Walter Roberson, Mar 21, 2005
    #2
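
Added example, not part of the original thread: a Python check of the netmask and broadcast-address settings that the reply above suggests comparing between the Solaris host and the PIX. The addresses are constructed (192.0.2.0/24 documentation range) and the function names are hypothetical; the real values are assumed to be read by hand from `ifconfig -a` on Solaris and from the PIX interface configuration.

```python
import ipaddress

def l2_view(ip, netmask, broadcast=None):
    """Return (address, on-link network, broadcast address in use)."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    net = iface.network
    # If no broadcast is configured explicitly, assume the all-1s default.
    bcast = ipaddress.ip_address(broadcast) if broadcast else net.broadcast_address
    return iface.ip, net, bcast

def check_pair(host, fw):
    """Compare host and firewall interface settings; return a list of findings."""
    h_ip, h_net, h_bc = l2_view(**host)
    f_ip, f_net, _ = l2_view(**fw)
    findings = []
    if h_net != f_net:
        findings.append(f"netmask mismatch: host is on {h_net}, firewall on {f_net}")
    # A peer outside the local network is sent to a gateway, never ARPed for.
    if f_ip not in h_net:
        findings.append(f"host treats {f_ip} as off-link, so it will not ARP for it")
    if h_ip not in f_net:
        findings.append(f"firewall treats {h_ip} as off-link, so it will not ARP for it")
    # The old SunOS convention: all 0s in the host part used as broadcast.
    if h_bc == h_net.network_address and h_net.prefixlen < 31:
        findings.append(f"host broadcast {h_bc} is the all-0s form, not {h_net.broadcast_address}")
    elif h_bc != h_net.broadcast_address:
        findings.append(f"host broadcast {h_bc} does not match {h_net.broadcast_address}")
    return findings

# Constructed sample values (documentation range), not taken from the thread.
SOLARIS = {"ip": "192.0.2.200", "netmask": "255.255.255.0", "broadcast": "192.0.2.0"}
PIX = {"ip": "192.0.2.1", "netmask": "255.255.255.128"}

if __name__ == "__main__":
    for finding in check_pair(SOLARIS, PIX):
        print("-", finding)
```

With the sample values the host can reach the firewall on-link but the firewall considers the host off-link, which is the one-way behaviour a wrong netmask produces.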

  3. Eric Louie

    Eric Louie Guest

    can the solaris machine ping other devices on the network?

    can the pix ping the solaris interface?

    -e-
     
    Eric Louie, Mar 22, 2005
    #3