Educause Security Discussion mailing list archives

Re: Pix install

From: Arturo Servin <aservin () ITESM MX>
Date: Thu, 10 Mar 2005 11:09:11 -0600

 

            What about you logs in the PIX?

 

            Are you droping traffic due ACL or no NAT binds?

 

            Also, the pix drop by default all the traffic from the outside
to the inside if no ACL is defined.

 

            Try in config:

Logg buff 5

Logg trap 5

logging host inside <ip_address>

 

            And check your logs, maybe you can see what it is.

 

-as

 

  _____  

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron Childs
Sent: Jueves, 10 de Marzo de 2005 10:32 a.m.
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pix install

 

Good Morning,

  I agree with George.  Take a look at the fixups and also I would take a
look at the timeout values that are towards the bottom of the config.

 

Have a good day,

  Aaron

 

------------

Aaron Childs

Assistant Director, Networking

Westfield State College

http://www.wsc.ma.edu/it/

  _____  

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John
Sent: Thursday, March 10, 2005 10:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Pix install

 

Greetings All,

 

We have recently installed a new Pix 525 on a network edge. We are having
issues with some connections dropping. In particular Accuplace web tests
seem to be dropping off. The Pix Devcie manager is logging a traffic drop
for inbound and outbound traffic on both the inside and outside interfaces
about every four minutes. I am unsure if these events are correlated or not
and am roubleshooting.

 

Should anyone have a clue as to where to look I am very appreciative.

 

I am poking at Pix, routers and DNS issues and am opening a case with Crisco
TAC.

 

Cheers,

John Garner

jgarner () sfasu edu

********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/. ********** Participation and subscription
information for this EDUCAUSE Discussion Group discussion list can be found
at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Pix install John (Mar 10)
- <Possible follow-ups>
- Re: Pix install George Russ (Mar 10)
- Re: Pix install Aaron Childs (Mar 10)
- Re: Pix install John (Mar 10)
- Re: Pix install Arturo Servin (Mar 10)
- Re: Pix install George Russ (Mar 10)
- Re: Pix install James M. Driskell (Mar 10)
- Re: Pix install Eric Pancer (Mar 10)