Traffic stop on PIX 515

Hi all

I have a problem with my PIX 515 firewall.

Sometimes the traffic just stops passing for a period of time. It can be for 20-40 minutes.

If I log on to the PIX via serial interface, I can see it's running, but I can't ping clients on the inside or the outside.

If I don't touch anything, the traffic will start passing again after some time.

How do I trace down this problem?

My PIX info:

------------------------------------------------------
Cisco PIX Firewall Version 6.3(3)
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0050.54ff.45fa, irq 10
1: ethernet1: address is 0050.54ff.45fb, irq 7
Licensed Features:
Failover: Enabled
VPN-DES: Disabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
Serial Number: 480130143 (0x1c9e345f)


Regards /Romme


Try turning on the logging function and see if there are any entries when the problem occurs. There were some PIX 515s that totally locked up due to component problems, but yours is outside the serial number range (44405200000 - 44405399999 and 44481200000 - 44481399999), so I think this is another problem, and the logging may give more of a clue.




I have logging on, but the only thing I see just before traffic stops passing is a lot of timeout sync.

Regards /Romme


sho memory
sho cpu usage
sho conn proto tcp
sho conn proto udp
sho xlate detail ---> clear xlate (helps in case NAT table gets too big)

Could be some of these resources are exhausted. What version of image?
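Added example, not part of the thread: a small Python parser that reads a saved console capture of the commands listed above and flags which resource looks exhausted. The capture, the `pix#` prompt, the assumed PIX 6.x output layout and all thresholds are constructed for illustration.

```python
import re

# Constructed console capture; values are made up and the line layout is an
# assumption modelled on PIX 6.x output for the commands named in the thread.
CAPTURE = """\
pix# sho cpu usage
CPU utilization for 5 seconds = 97%; 1 minute: 95%; 5 minutes: 61%
pix# sho memory
67108864 bytes total, 2101248 bytes free
pix# sho conn proto tcp
18211 in use, 18340 most used
TCP out 192.0.2.10:80 in 10.0.0.5:1034 idle 0:00:02 Bytes 1204 flags UIO
pix# sho xlate detail
64507 in use, 64511 most used
"""

PROMPT = re.compile(r"^\S+#\s*sho\w*\s+(.+)$")   # e.g. "pix# sho conn proto tcp"
IN_USE = re.compile(r"^(\d+) in use, (\d+) most used")
CPU = re.compile(r"5 seconds = (\d+)%; 1 minute: (\d+)%; 5 minutes: (\d+)%")
MEM = re.compile(r"^(\d+) bytes total, (\d+) bytes free")

def parse_capture(text):
    """Return CPU, free-memory and table counters keyed by the command that produced them."""
    snap, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := PROMPT.match(line):
            words = m.group(1).split()            # ["conn", "proto", "tcp"]
            section = words[0] + ("_" + words[-1] if "proto" in words else "")
        elif m := CPU.search(line):
            snap["cpu_pct"] = tuple(map(int, m.groups()))   # (5 s, 1 min, 5 min)
        elif m := MEM.match(line):
            total, free = map(int, m.groups())
            snap["mem_free_pct"] = round(100 * free / total, 1)
        elif (m := IN_USE.match(line)) and section:
            snap[section] = {"in_use": int(m.group(1)), "most_used": int(m.group(2))}
    return snap

def flag_exhaustion(snap, cpu_max=80, mem_free_min=10, table_max=60000):
    # Thresholds are illustrative assumptions, not vendor limits; tune per device.
    findings = []
    if snap.get("cpu_pct", (0, 0, 0))[1] > cpu_max:         # 1-minute average
        findings.append("cpu")
    if snap.get("mem_free_pct", 100) < mem_free_min:
        findings.append("memory")
    for name, counts in snap.items():
        if isinstance(counts, dict) and counts["in_use"] > table_max:
            findings.append(name)                            # conn_tcp, conn_udp, xlate
    return findings
```

Capturing the same commands once while traffic flows and once during an outage gives two snapshots to compare, which is more telling than any fixed threshold.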
