Re: [fw-wiz] PIX 515 7.1 vs: 8.0
- From: Brian Blater <brb.lists@xxxxxxxxx>
- Date: Thu, 17 Mar 2011 09:01:51 -0400
On Tue, Mar 15, 2011 at 4:07 PM, Kevin Horvath <kevin.horvath@xxxxxxxxx> wrote:
1) enable local buffer logging, manually add a host with IP on the
inside, then try to access something on the internet, and view your
logs for errors, view your connection table "show conn det", and your
xlate table to see where the issue is.
2) add a default route to the outside interface, everything else
appears directly connected so you don't need routes for those (you can
verify your route table with "sh route").
3) as someone mentioned, looks like you have dhcpd enabled for the dmz
and vonage interfaces and not the inside. Add an entry for the inside
On Sat, Mar 12, 2011 at 12:54 AM, Christopher J. Wargaski
Configuration-wise you should have no problems with 8.0 if you know 7.1.
You appear to have NAT configured correctly. Your ACLs look good too. What
I do not see are any route statements--do you have a default route set?
Also, you should increase the message-length maximum to 4096 given the
rollout of DNSsec.
Thank you for everyone's input. I've been working on this the last few
days and this is what I've found so far.
1. DHCP for the inside is handled by a server on the inside network so
I'm not using the FW for DHCP on the inside.
2. Default route - yes, the default route was not defined at the time
I grabbed the config for the e-mail. It is defined now.
3. After being really puzzled by this issue I decided to go back to
the basics and removed all the ACLs etc to make sure nothing was
screwed up and as Christopher said, the config is correct.
4. Since #3 above didn't change anything I decided to pull the
4FE-PIX66 card and put in a 1FE card just to check everything. Lo and
behold the DMZ port worked without issue.
5. Figured the 4FE card was bad and got another one. Installed that in
the PIX and it does not work either. With the 4FE installed if you
look at the interface it shows the port down, but the config has the
So, now I'm wondering why the PIX I have will not support the 4FE
card. The PIX is a 515E with the unrestricted license with 256M of
memory. The PIX also has a VAC+. I've tried the 4FE in both slots and
without the VAC+ card and it just refuses to work. I guess I could
have 2 bad 4FEs, but I think that is unlikely.
Can anyone think of what else I'm missing from the PIX that would
cause the 4FE not to work at all?