- Traffic stop on a PIX 515
PDA

View Full Version : Traffic stop on a PIX 515

Romme
07-25-2004, 02:47 AM
Hi all

I have a problem with my PIX 515 firewall.

Sometimes the traffic just stop passing for a period of time.
It can bee for 20-40 minutes.

If I log on to the PIX via serial interface, I can see it's running,
but I can't ping clients on the inside or the outside.

If I don't touch anything, the traffic will start passing agin after
sometime.

How do I trace down this problem?

My PIX info:
------------------------------------------------------
Cisco PIX Firewall Version 6.3(3)
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0050.54ff.45fa, irq 10
1: ethernet1: address is 0050.54ff.45fb, irq 7
Licensed Features:
Failover: Enabled
VPN-DES: Disabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
Serial Number: 480130143 (0x1c9e345f)
------------------------------------------------------

Regards
/Romme
emma@abacho.de
07-25-2004, 02:48 AM
Try to make a "show interface" and "sh log" when traffic stops. Also I
wonder that neither des nor 3des/aes are enabled on your pix.


"Romme" <ask@me> wrote in message news:<40f847f7$0$281$edfadb0f@dread11.news.tele.dk>...
> Hi all
>
> I have a problem with my PIX 515 firewall.
>
> Sometimes the traffic just stop passing for a period of time.
> It can bee for 20-40 minutes.
>
> If I log on to the PIX via serial interface, I can see it's running,
> but I can't ping clients on the inside or the outside.
>
> If I don't touch anything, the traffic will start passing agin after
> sometime.
>
> How do I trace down this problem?
>
> My PIX info:
> ------------------------------------------------------
> Cisco PIX Firewall Version 6.3(3)
> Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
> Flash i28F640J5 @ 0x300, 16MB
> BIOS Flash AT29C257 @ 0xfffd8000, 32KB
> 0: ethernet0: address is 0050.54ff.45fa, irq 10
> 1: ethernet1: address is 0050.54ff.45fb, irq 7
> Licensed Features:
> Failover: Enabled
> VPN-DES: Disabled
> VPN-3DES-AES: Disabled
> Maximum Physical Interfaces: 6
> Maximum Interfaces: 10
> Cut-through Proxy: Enabled
> Guards: Enabled
> URL-filtering: Enabled
> Inside Hosts: Unlimited
> Throughput: Unlimited
> IKE peers: Unlimited
> Serial Number: 480130143 (0x1c9e345f)
> ------------------------------------------------------
>
> Regards
> /Romme