1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Cisco Pix 506e - At a loss

Discussion in 'Networking' started by rhynes, Apr 11, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. rhynes

    rhynes Thread Starter

    Joined:
    Aug 14, 2006
    Messages:
    916
    I've been all around the bush with this one, even got cisco scratching their skulls.

    One of my clients has a pix 506e, been running fine for 3 years but a month ago, they started experiencing internet dropoffs. No rhyme or reason. It's just acting as a gateway and network quarantine, blocking ports. There is a 2003 DC on site that's been running for 3 years now, nothing has changed.

    As a test, took the pix offline and replaced it for a week with a basic d-link, everything was ok at that point. Called cisco, fine, they sent a replacement. Installed the replacement pix, running the 6.2 IOS software from the factory, ran fine for a week. Updated the IOS and PDM to the latest versions downloaded from cisco's website. Ran fine for a couple of days but then the dropoffs started reoccurring. :confused: The syslog shows nothing out of the ordinary. Running "clear xlate" sometimes fixes the issue (once for 2 weeks) but it started again. Show tech reveals nothing out of the ordinary, even the cisco techs looked at it and I gave them ssh access to verify everything is correct.

    The funny part is, sometimes it's just DNS that's dropping, other times its total internet loss. I've scheduled restarts of the DNS server 4 times a day in the off chance that was causing it but no effect. Restarting the PIX brings the internet back online.

    I've taken it apart, cleaned it and replaced the cpu fan, no avail. Runs hot but that's normal.

    The DC takes care of basic dns, forwarding out to the ISP's dns servers, can't get much simpler but i'm scratching my head now. Other than the IOS download from cisco, nothing has changed but yet, 2 cisco pix units are doing the same thing.

    Anyone else experience this or have any other ideas? I find with cisco, it's either all or nothing, either it works great or doesn't at all. I've never experienced issues like this at all.
     
  2. hermes

    hermes

    Joined:
    Aug 12, 2000
    Messages:
    642
    Post a copy of the config with the sensitive stuff edited out. It could be a variety of things. Did TAC take ever take a core dump file when it froze and before rebooting?
     
  3. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,271
    What version of PIX OS are you running?

    Also, what type of ISP connection do you have?
     
  4. rhynes

    rhynes Thread Starter

    Joined:
    Aug 14, 2006
    Messages:
    916
    I won't have access to the pix til monday. Otherwise, there's been different techs (cisco and friends) perusing this config, like I say, it hasn't changed in quite a while.

    The current version of IOS is 6.35, ver 7 is not supported for the pix. Internet access is via telus DSL, static ip given through reservation.
     
  5. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,271
    I wonder if it might be some sort of MTU problem.

    I'm also scratching my head to remember when I worked on a couple of PIX506Es which OS level I had them running. I could have sworn I had them running on 7 but it's been a couple of years. So my memory is a bit hazy.
     
  6. rhynes

    rhynes Thread Starter

    Joined:
    Aug 14, 2006
    Messages:
    916
    tried playing with the mtu's as well, works best at default. I wish version 7 was available for the pix, dynamic dns would be a great option alone but alas, the ASA is the better option anyhow.

    Was just wondering if anyone else has dealt with this...
     
  7. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,271
    If you can upgrade to the ASA5505, I would say do it. I own two of them personally and they're great. But as far as dynamic DNS support, Cisco's implementation is based of the official RFC which many of the services out there do not follow. I'm using DynDNS and there's no way to run it with the ASA.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Cisco 506e loss
  1. willymwangi
    Replies:
    2
    Views:
    238
  2. nitehawk645
    Replies:
    3
    Views:
    481
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/702780

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice