1. Home
  2. Cisco Systems
  3. Still problem with PIX and Solaris-Please help

Still problem with PIX and Solaris-Please help

I tried everything(DNS check, reboot all devices, etc), however still having problem only on solaris box. for some reason it cannot comunicate with PIX at all, all other windows machines are ok. Is there any thing like mtu or other setting I have to change in order to get Solaris talk to PIX? Thanks for any help-Rob

--Original Problem--- Hi,

Recently I replaced my old firewall with a Cisco PIX , and translated all commands, now everything seems to be fine except I cannot get out from my Sun 5.8 (no ping and traceroute outside), also I cannot open a page (port

80)on this box from outside, this is the only Unix based machine I have, and all other servers and workstations are Windows and they seem to be fine. I deleted the mac address for the old firewall using arp -d but didn't work. Does anyone know how to fix this problem?

Thanks in advance for any help.

Reply to
Rob
Loading thread data ...

In article , Rob wrote: :I tried everything(DNS check, reboot all devices, etc), however still having :problem only on solaris box. for some reason it cannot comunicate with PIX :at all, all other windows machines are ok. Is there any thing like mtu or :other setting I have to change in order to get Solaris talk to PIX?

There shouldn't be.

Drop in ethereal or tcpdump and watch the connection attempt.

Make sure that the Solaris system is broadcasting it's ARP requests in a way that the PIX can receive them -- the old old standard for SunOS was to use the base (all 0's in the host part) network address as the broadcast address instead of the upper (all 1's in the host part) network address.

See which end is responding and which end isn't. Create an access list and a 'capture' against the inside interface of the PIX and see if the packet is considered to have gotten there (note: 'capture' is an exception to the general rule that access-lists will be read "backwards" for incoming traffic.)

show arp on the PIX and see if it knows the Solaris system. ping from the PIX towards the Solaris system and see what happens -- one way flows on the ARPs are known to happen, particularily if the netmask is wrong somewhere.

Reply to
Walter Roberson

can the solaris machine ping other devices on the network?

can the pix ping the solaris interface?

-e-

Reply to
Eric Louie

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.