Firewall Wizards mailing list archives
Re: PIX 515 7.1 vs: 8.0
From: John Morrison <john.morrison101 () gmail com>
Date: Sat, 19 Mar 2011 11:48:16 +0000
Brian,

The PIX guide (http://www.cisco.com/en/US/docs/security/pix/pix70/hw/installation/guide/515.html) says both the 4FE and 4FE-66 can be used with the unrestricted feature license. A maximum of 6 ports can be used (2 built-in plus the 4FE). On the 4FE the ports are numbered 2, 3, 4, 5 from left to right.

The info for the 4FE (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080189f0a.html) says it is fine in the 515/515E. The VAC and VAC+ also can be used. 128MB RAM is enough for the features. Only the VAC appears to require at least v6.3.

It sounds right.

On 17 March 2011 13:01, Brian Blater <brb.lists () gmail com> wrote:
On Tue, Mar 15, 2011 at 4:07 PM, Kevin Horvath <kevin.horvath () gmail com> wrote:

1) enable local buffer logging, manually add a host with IP on the inside, then try to access something on the internet, and view your logs for errors, view your connection table "show conn det", and your xlate table to see where the issue is.
2) add a default route to the outside interface, everything else appears directly connected so you don't need routes for those (you can verify your route table with "sh route").
3) as someone mentioned, looks like you have dhcpd enabled for the dmz and vonage interfaces and not the inside. Add an entry for the inside as well.

On Sat, Mar 12, 2011 at 12:54 AM, Christopher J. Wargaski <wargo1 () gmail com> wrote:

Hey Brian--

Configuration-wise you should have no problems with 8.0 if you know 7.1. You appear to have NAT configured correctly. Your ACLs look good too. What I do not see are any route statements--do you have a default route set?

Also, you should increase the message-length maximum to 4096 given the rollout of DNSSEC.

cjw

Thank you for everyone's input. I've been working on this the last few days and this is what I've found so far.

1. DHCP for the inside is handled by a server on the inside network so I'm not using the FW for DHCP on the inside.
2. Default route - yes, the default route was not defined at the time I grabbed the config for the e-mail. It is defined now.
3. After being really puzzled by this issue I decided to go back to the basics and removed all the ACLs etc. to make sure nothing was screwed up and, as Christopher said, the config is correct.
4. Since #3 above didn't change anything I decided to pull the 4FE-PIX66 card and put in a 1FE card just to check everything. Lo and behold, the DMZ port worked without issue.
5. Figured the 4FE card was bad and got another one. Installed that in the PIX and it does not work either. With the 4FE installed, if you look at the interface it shows the port down, but the config has the port active.
So, now I'm wondering why the PIX I have will not support the 4FE card. The PIX is a 515E with the unrestricted license with 256M of memory. The PIX also has a VAC+. I've tried the 4FE in both slots and without the VAC+ card and it just refuses to work. I guess I could have 2 bad 4FEs, but I think that is unlikely. Can anyone think of what else I'm missing from the PIX that would cause the 4FE not to work at all?

Thanks,
Brian

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX 515 7.1 vs: 8.0 Brian Blater (Mar 11)
- Re: PIX 515 7.1 vs: 8.0 John Morrison (Mar 15)
- Re: PIX 515 7.1 vs: 8.0 Christopher J. Wargaski (Mar 15)
- Re: PIX 515 7.1 vs: 8.0 Kevin Horvath (Mar 17)
- Re: PIX 515 7.1 vs: 8.0 Brian Blater (Mar 19)
- Re: PIX 515 7.1 vs: 8.0 Christopher J. Wargaski (Mar 22)
- Re: PIX 515 7.1 vs: 8.0 Brian Blater (Mar 22)
- Re: PIX 515 7.1 vs: 8.0 Christopher J. Wargaski (Mar 22)
- Re: PIX 515 7.1 vs: 8.0 Kevin Horvath (Mar 17)
- Re: PIX 515 7.1 vs: 8.0 John Morrison (Mar 22)
- Re: PIX 515 7.1 vs: 8.0 Brian Blater (Mar 22)