1. Home
  2. Cisco Systems
  3. PIX 506

PIX 506

Hello,

We have just recently connected to our company's large domain. Our little subsidiary here consist of about 300 people. We were connected in the following manner:

[Corporate] | | [Some Router] | | [Our Company's Server LAN] (This includes our e-mail server) | | [Pix 506] | | [Our Company's LAN]

I've taken a look at the Pix, and everything looks correct. However, ever since we put in the PIX, there are people on the network that have trouble sometimes connecting to the e-mail server. Eventually, everything will connect, but sometimes it takes 30 seconds to a minute. The PIX is configured so that [Our Company's LAN] is actually on the outside of it. I thought that was funny since we are considered to be the bad people, but it does make sense. It's also configured so that it responds to any ARP request for anybody on [Our Company's LAN]. I'm wondering if the PIX just can't support 300 users trying to connect to our e-mail server. If we upgrade the PIX 506 to a larger better PIX, will this possibly solve the situation?

Thanks,

-- Jim

Reply to
CWP
Loading thread data ...
300 users for a PIX-506, imho is suicide. i'm not sure what the exact specs are for these 'soho' firewalls but please do not forget the 's' which stands for 'small'. again, imho, you need to upgrade to at least a 515. but please review my notes below prior to upgrading for an upgrade will not necessarily fix a bigger configuration problem.

  • you mentioned that 'everything looks correct' on the pix.

  • you mentioned that '[Our Company's LAN] is actually on the outside of it. I thought that was funny since we are considered to be the bad people, but it does make sense.'

i don't believe that you should be seeing a significant amount of users having problems accessing network services, unless, something is not configured properly.

double-check your configuration (again), unless you want to post your config and give everyone the opportunity to review it. otherwise, i find it a little disconcerting as to how you have placed your LAN on the 'outside' interface of the firewall. this *will* change how you apply statics, nats, globals and acls, among other things, on your PIX.

do not upgrade unless you are 100% sure, your config is clean.

CWP wrote:

connected

minute.

Reply to
revo

Hi

I've noticed that the PIX 506 doesn't appear to be stocked by most suppliers, is there a newer replacement?

Thanks Ewan.

Reply to
Ewan McNab

| Hi | | I've noticed that the PIX 506 doesn't appear to be stocked by most | suppliers, is there a newer replacement?

It's end of life. ASA5505 is its replacement.

formatting link

Reply to
Morph

All PIXes are EOL and EOS. Please stick to ASA.

Reply to
Lutz Donnerhacke

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.