Cisco Pix 506e - At a loss

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rhynes

Thread Starter
Joined
Aug 14, 2006
Messages
916
I've been all around the bush with this one, even got cisco scratching their skulls.

One of my clients has a pix 506e, been running fine for 3 years but a month ago, they started experiencing internet dropoffs. No rhyme or reason. It's just acting as a gateway and network quarantine, blocking ports. There is a 2003 DC on site that's been running for 3 years now, nothing has changed.

As a test, took the pix offline and replaced it for a week with a basic d-link, everything was ok at that point. Called cisco, fine, they sent a replacement. Installed the replacement pix, running the 6.2 IOS software from the factory, ran fine for a week. Updated the IOS and PDM to the latest versions downloaded from cisco's website. Ran fine for a couple of days but then the dropoffs started reoccurring. :confused: The syslog shows nothing out of the ordinary. Running "clear xlate" sometimes fixes the issue (once for 2 weeks) but it started again. Show tech reveals nothing out of the ordinary, even the cisco techs looked at it and I gave them ssh access to verify everything is correct.

The funny part is, sometimes it's just DNS that's dropping, other times its total internet loss. I've scheduled restarts of the DNS server 4 times a day in the off chance that was causing it but no effect. Restarting the PIX brings the internet back online.

I've taken it apart, cleaned it and replaced the cpu fan, no avail. Runs hot but that's normal.

The DC takes care of basic dns, forwarding out to the ISP's dns servers, can't get much simpler but i'm scratching my head now. Other than the IOS download from cisco, nothing has changed but yet, 2 cisco pix units are doing the same thing.

Anyone else experience this or have any other ideas? I find with cisco, it's either all or nothing, either it works great or doesn't at all. I've never experienced issues like this at all.
 
Joined
Aug 12, 2000
Messages
642
Post a copy of the config with the sensitive stuff edited out. It could be a variety of things. Did TAC take ever take a core dump file when it froze and before rebooting?
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,647
What version of PIX OS are you running?

Also, what type of ISP connection do you have?
 

rhynes

Thread Starter
Joined
Aug 14, 2006
Messages
916
I won't have access to the pix til monday. Otherwise, there's been different techs (cisco and friends) perusing this config, like I say, it hasn't changed in quite a while.

The current version of IOS is 6.35, ver 7 is not supported for the pix. Internet access is via telus DSL, static ip given through reservation.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,647
I wonder if it might be some sort of MTU problem.

I'm also scratching my head to remember when I worked on a couple of PIX506Es which OS level I had them running. I could have sworn I had them running on 7 but it's been a couple of years. So my memory is a bit hazy.
 

rhynes

Thread Starter
Joined
Aug 14, 2006
Messages
916
tried playing with the mtu's as well, works best at default. I wish version 7 was available for the pix, dynamic dns would be a great option alone but alas, the ASA is the better option anyhow.

Was just wondering if anyone else has dealt with this...
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,647
If you can upgrade to the ASA5505, I would say do it. I own two of them personally and they're great. But as far as dynamic DNS support, Cisco's implementation is based of the official RFC which many of the services out there do not follow. I'm using DynDNS and there's no way to run it with the ASA.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top