Cisco PIX 501 Firewall

Question:

I have a small home network => 2 PCs, a PS2 and a Pinnacle Showcenter 200, and I use my Cisco PIX 501 as a "smart switch"; I've configured my network with DHCP. Now I need 1 PC (server) to communicate with the Showcenter (client). OKAY, I've got them communicating, BUT it's not working all that well (connection seems slow / to stall from time to time). Everything else in my network works really great (and fast; 100 Mbps), so it seems to be a problem in the communication between the (server) PC and the (client) Pinnacle Showcenter 200, and I know almost for sure that the problem is a misconfiguration at the Cisco PIX 501 Firewall.

I use these rules to allow ALL??? INSIDE (to outside) network traffic:

ACCESS RULE:
    Source - inside:any
    Destination - outside:any
    Interface - inside (outbound)
    Service - IP

TRANSLATION RULE:
    (original) Interface - inside
    (original) Address - inside:any/0.0.0.0
    (translated) Interface - outside
    (translated) Address - interface PAT
    (options) DNS Rewrite - NO
    (options) Maximum Connections - unlimited
    (options) Embryonic Limit - unlimited
    (options) Random Sequence Number - yes

Pinnacle Showcenter 200 needs these next 2 ports to communicate with the (server) PC: => 8000 (TCP) and 1900 (UDP), and these are used only for internal network communication (not for outside (connect to internet) connections).

Do I need to open these in my configuration? Because I thought the Cisco PIX 501 allowed all internal traffic by default? Or am I wrong? If I do need to open these ports for the internal communication, how should I do this???

with Kind Regards, Tim

Tim Zoetebier

that's right, pix allows traffic from lower sec level to higher by default.

> I use my Cisco PIX 501 as
> a "smart switch"

what do you mean by that? how are the devices physically connected?

if you say

> OKAY i've got them communicating, BUT it's not working all that well
> (connection seems slow / to stall from time to time)

i doubt it's a pix issue, either it allows traffic or not. you can do some debugging with debug icmp trace, logging or capture,

mak


[quote mak:]

internet PIX 501 Firewall (does all the routing) PC's / PS2 / ShowCenter

Tim

If you mean that the Show Centre and the PC both connect to the 501's 4 port Switch then there is nothing to configure to enable communication between the two.

You might want to check the Speed / Duplex settings of all devices - a mismatch could be causing the quality issue. Manually set the Speed and Duplex of the PIX interfaces and all other devices. With the 501's switch port you can't manually set the speed / duplex of each individual interface so be sure to set all devices to the lowest common denominator.

If you see increasing CRC errors on the PIX's ethernet 1 interface (show interface ethernet1) then there probably is a speed duplex mismatch.

James


"James" wrote in message news: snipped-for-privacy@e3g2000cwe.googlegroups.com...

*** YES! you've got the picture, that's exactly what I mean. I thought that that was how it works, so nothing to configure, thanks for verifying that... ***

*** IT was set to 10 half duplex because of my ISP restrictions, but it's now set to auto. This option didn't work before because then my internet connection dropped near dead, but nowadays it doesn't give that problem anymore so I (can) use auto option now

Configuration-Interfaces-Inside-security level:100-Hardware: ethernet1-Speed&Duplex: 100FULL-MTU:1500

Configuration-Interfaces-Outside-security level:0-Hardware: ethernet0-Speed&Duplex: auto-MTU:1500

***
*** Not sure what you mean ***
Tim

Auto is bad, bad, bad.....

If possible always manually set the speed and duplex, this is the point I was trying to make. However, I think your problem may be with the inside interface so we can ignore the outside interface.

Run the command - show interface ethernet1:-

    interface ethernet1 "inside" is up, line protocol is up
      Hardware is i82559 ethernet, address is 0016.c835.d8e9
      IP address 192.168.1.1, subnet mask 255.255.255.0
      MTU 1500 bytes, BW 100000 Kbit full duplex
            4652226 packets input, 953253916 bytes, 0 no buffer
            Received 4877 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            5766066 packets output, 663874418 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/27)
            output queue (curr/max blocks): hardware (1/82) software (0/1)

Do you see any Input, CRC or Frame errors?

What speed and duplex are the PC and the Show Centre machine set to? Make sure they are all set to 100 Full Duplex and not Auto Negotiate.

James
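
The counter check described in the post above, as an added example that is not part of the thread: a Python script that parses two captures of `show interface ethernet1` and reports which of the input, CRC and frame error counters rose between them. The snapshots are constructed in the layout of the quoted output, and the second one's error values are invented for illustration.

```python
import re

# Constructed sample: lines in the layout of the PIX output quoted above.
# SNAPSHOT_2 stands for a later capture; its error values are invented.
SNAPSHOT_1 = """\
interface ethernet1 "inside" is up, line protocol is up
  MTU 1500 bytes, BW 100000 Kbit full duplex
        4652226 packets input, 953253916 bytes, 0 no buffer
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 output errors, 0 collisions, 0 interface resets
"""
SNAPSHOT_2 = (SNAPSHOT_1
              .replace("4652226 packets input", "4701340 packets input")
              .replace("0 input errors, 0 CRC, 0 frame",
                       "311 input errors, 297 CRC, 14 frame"))

# The three counters asked about in the post above.
WATCHED = ("input errors", "CRC", "frame")

def parse_counters(text):
    """Return {counter name: value} for each '<number> <name>' pair in the output."""
    counters = {}
    for line in text.splitlines():
        pairs = re.findall(r"(\d+) ([A-Za-z][A-Za-z ]*?)(?=,|$)", line.strip())
        for value, name in pairs:
            counters[name.strip()] = int(value)
    return counters

def rising_errors(before, after):
    """Watched counters that increased between two captures, with their deltas."""
    old, new = parse_counters(before), parse_counters(after)
    return {n: new.get(n, 0) - old.get(n, 0)
            for n in WATCHED if new.get(n, 0) > old.get(n, 0)}

def assess(before, after):
    """One-line verdict for a pair of captures taken some minutes apart."""
    deltas = rising_errors(before, after)
    if not deltas:
        return "no rising error counters on this interface"
    detail = ", ".join(f"{n} +{d}" for n, d in deltas.items())
    return f"rising error counters ({detail}); check speed/duplex on attached devices"

if __name__ == "__main__":
    print(assess(SNAPSHOT_1, SNAPSHOT_1))
    print(assess(SNAPSHOT_1, SNAPSHOT_2))
```

A single capture with non-zero counters only shows that errors happened at some point since the counters were last cleared; comparing two captures shows whether they are still accumulating.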
