1. Home
  2. Cisco Systems
  3. PIX problem please help

PIX problem please help

Hi all,

My PIX 506 E is my gateway to our ISP Form last two days i am facing problem of sudden disconection from Internet and in nights slow speed . I had not done any changes in my PIX config or in network what can be the causes

Please help My pix config is

PIX# sh run : Saved : PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password ENBsjfoSCcjU22bd level 9 encrypted enable password re9vzSLG8v/gMac6 encrypted passwd CyoDabVAfjpwQ.xk encrypted hostname ALGOPIX domain-name cisco.com fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 no names name 192.168.1.225 CK name 192.168.1.26 nirvanaserver name 192.168.1.59 BOSERVER name 192.168.1.236 BUGS access-list compiled access-list 110 permit ip host 203.122.33.227 host 148.168.142.224 access-list 110 permit ip host 203.122.33.227 host 148.168.136.173 access-list acl_out permit icmp any any access-list acl_out permit tcp any host 203.122.33.234 eq www access-list acl_out permit tcp any host 203.122.33.234 eq https access-list 90 permit ip 192.168.1.0 255.255.255.0 host 148.168.142.224 access-list outbound permit ip host 192.168.1.225 any access-list outbound permit ip host 192.168.1.223 any access-list outbound permit ip host 192.168.1.101 any access-list outbound permit ip host 192.168.1.64 any access-list outbound permit ip host 192.168.1.57 any access-list outbound permit ip host 192.168.1.224 any access-list outbound deny tcp any host 203.199.76.46 eq www access-list outbound deny tcp any host 203.123.177.151 eq www access-list outbound deny tcp any host 69.93.144.60 eq www access-list outbound deny tcp any host 209.59.130.66 eq www access-list outbound deny tcp any host 207.234.151.235 eq www access-list outbound deny tcp any host 64.136.24.165 eq www access-list outbound deny tcp any host 198.64.153.138 eq www access-list outbound deny tcp any host 64.62.254.91 eq www access-list outbound deny tcp any host 202.45.131.154 eq www access-list outbound deny tcp any host 204.176.140.1 eq www access-list outbound deny tcp any host 216.109.76.15 eq www access-list outbound deny tcp any host 66.29.17.202 eq www access-list outbound deny tcp any host 66.245.190.32 eq www access-list outbound deny tcp any host 65.163.26.158 eq www access-list outbound deny tcp any host 210.210.18.116 eq www access-list outbound deny tcp any host 65.198.151.210 eq www access-list outbound deny tcp any host 202.138.124.21 eq www access-list outbound deny tcp any host 69.25.142.3 eq www access-list outbound deny tcp any host 202.157.139.67 eq www access-list outbound deny tcp any host 66.225.208.28 eq www access-list outbound deny tcp any host 67.15.35.28 eq www access-list outbound deny tcp any host 72.3.235.34 eq www access-list outbound deny tcp any host 216.40.33.117 eq www access-list outbound deny tcp any host 64.74.37.72 eq www access-list outbound deny tcp any host 204.251.15.193 eq www access-list outbound deny tcp any host 195.157.47.11 eq www access-list outbound deny tcp any host 202.138.113.138 eq www access-list outbound deny tcp any host 207.106.4.71 eq www access-list outbound deny tcp any host 193.254.210.161 eq www access-list outbound deny tcp any host 217.118.141.223 eq www access-list outbound deny tcp any host 216.234.231.34 eq www access-list outbound deny tcp any host 203.147.138.33 eq www access-list outbound deny tcp any host 63.150.131.40 eq www access-list outbound deny tcp any host 80.168.92.175 eq www access-list outbound deny tcp any host 80.168.92.140 eq www access-list outbound deny tcp any host 195.224.213.18 eq www access-list outbound deny tcp any host 203.199.107.183 eq www access-list outbound deny tcp any host 63.112.169.1 eq www access-list outbound deny tcp any host 69.25.47.163 eq www access-list outbound deny tcp any host 198.65.13.227 eq www access-list outbound permit ip any any access-list outbound permit icmp any any access-list 102 deny tcp any any eq 445 access-list 102 deny udp any any eq 445 access-list 102 permit icmp any any access-list vpn_permit permit ip any host 148.168.142.224 access-list vpn_permit permit ip host 148.168.142.224 any access-list vpn_permit permit ip host 148.168.34.43 any access-list vpn_permit permit tcp host 148.168.34.43 any access-list vpn_permit permit ip any host 148.168.34.43 access-list vpn_permit deny ip any any access-list vpn_permit permit tcp any host 148.168.34.43 pager lines 24 logging timestamp logging standby logging trap informational logging history notifications logging facility 16 logging queue 100 logging host inside 192.168.1.225 17/1058 mtu outside 1500 mtu inside 1500 ip address outside 203.122.33.230 255.255.255.224 ip address inside 192.168.1.1 255.255.255.0 ip verify reverse-path interface outside ip verify reverse-path interface inside ip audit name AttackPolicy attack action alarm drop ip audit name InfoPolicy info action alarm drop ip audit interface inside InfoPolicy ip audit interface inside AttackPolicy ip audit info action alarm ip audit attack action alarm ip local pool PPTP 192.168.1.240-192.168.1.250 pdm location 192.168.1.225 255.255.255.255 inside pdm location 192.168.1.0 255.255.255.255 inside pdm history enable arp timeout 14400 global (outside) 1 203.122.33.227 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) 203.122.33.232 192.168.1.59 netmask

255.255.255.255 0 static (inside,outside) 203.122.33.234 192.168.1.236 netmask 255.255.255.255 0

access-group acl_out in interface outside access-group outbound in interface inside route outside 0.0.0.0 0.0.0.0 203.122.33.225 1 route outside 0.0.0.0 0.0.0.0 148.168.34.43 2 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:01:00 rpc 0:10:00 h225

1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local aaa proxy-limit 5 http server enable http 192.168.1.0 255.255.255.255 inside http 192.168.1.225 255.255.255.255 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable crypto ipsec transform-set strong esp-3des esp-md5-hmac crypto map topfizer 20 ipsec-isakmp crypto map topfizer 20 match address 110 crypto map topfizer 20 set peer 85.59.5.2 crypto map topfizer 20 set transform-set strong crypto map topfizer interface outside isakmp enable outside isakmp key ******** address 85.59.6.4 netmask 255.255.255.255 isakmp policy 8 authentication pre-share isakmp policy 8 encryption 3des isakmp policy 8 hash md5 isakmp policy 8 group 2 isakmp policy 8 lifetime 86400 isakmp policy 9 authentication rsa-sig isakmp policy 9 encryption des isakmp policy 9 hash sha isakmp policy 9 group 1 isakmp policy 9 lifetime 86400 telnet 192.168.1.225 255.255.255.255 inside telnet timeout 5 ssh timeout 5 console timeout 0 terminal width 80 Cryptochecksum:6a0d65162af92f885ac9b7708cb95461 : end ALGOPIX#
Reply to
NETADMIN
Loading thread data ...

Have you checked the internet router? Is the circuit dropping out? Have you spoken to your ISP? Have they checked the circuit for any alarms? When the "internet" drops out, can you get out of your network or can you not get past the Pix?

Chris.

Reply to
chris

ISP link is okie even though it works when put a machine instead of PIX for routing But with PIX its drooping out packets inbetween What can be the causes help plz.

Reply to
NETADMIN

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.