Getting PIX 501 error.

Posted on 2004-08-10
Last Modified: 2013-11-16
Please excuse my ignorance, but I'm new to the PIX ballgame, but learning fast.

When booting up the pix I get this error and not sure what to make of it.

ethernet1 interface can only be set to 100full.
DHCP command failed
outside interface address added to PAT pool
.The sysopt route dnat option has been deprecated
Config Error -- no sysopt route dnat
address range overlap with interface ip address

Ok the PIX is not currently connected to the cable modem so that is why im getting the DHCP error.   Not real sure about the other statments.  The one that concerns me is the statement "address range overlap with interface ip address"

Here is my current config to help diagnose the problem.

Rayspixfirewall# sh run
: Saved
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password O56K8D.xqN/Hcd36 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Rayspixfirewall
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
no fixup protocol ftp 21
fixup protocol ftp 2121
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name Server
name raysathlon
access-list outside_in permit tcp any any eq www
access-list outside_in permit tcp any any eq 3389
access-list outside_in permit tcp any any eq 2121
access-list outside_in permit tcp any any eq 4899
access-list outside_in permit tcp any any eq 1755
access-list outside_in permit tcp any any eq smtp
access-list outside_in permit tcp any any eq 554
access-list outside_in permit tcp any any eq 69
access-list outside_in permit tcp any any eq ftp
pager lines 24
logging on
logging timestamp
logging console errors
logging monitor debugging
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm location Server inside
pdm location inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0 0
static (inside,outside) tcp interface www Server www netmask 0 0
static (inside,outside) tcp interface smtp Server smtp netmask 0 0
static (inside,outside) tcp interface 3389 Server 3389 netmask 0 0
static (inside,outside) tcp interface 2121 Server 2121 netmask 0 0
static (inside,outside) tcp interface 4899 Server 4899 netmask 0 0
static (inside,outside) tcp interface 1755 Server 1755 netmask 0 0
static (inside,outside) tcp interface 554 Server 554 netmask 0 0
static (inside,outside) tcp interface 69 Server 69 netmask 0 0
static (inside,outside) tcp interface ftp Server ftp netmask 0 0
access-group outside_in in interface outside
rip inside default version 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp enable outside
isakmp enable inside
isakmp keepalive 10 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup raysvpn dns-server Server
vpngroup raysvpn default-domain
vpngroup raysvpn idle-time 1800
vpngroup raysvpn password ********
telnet inside
telnet timeout 5
ssh inside
ssh timeout 60
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
username raydoran password cUynQTe6ojEYJ1VX encrypted privilege 15
terminal width 100
: end

Any assistance would be greatly appreciated.
Question by:RayDoran
LVL 36

Accepted Solution

grblades earned 500 total points
Comment Utility
I am not sure where those errors are coming from. I think the offending commands were ignored so you cannot see them when you show the running configuration.
You configuration looks good apart from a few missing lines if you want to VPN into it. I think if you do a "wri mem" to resave the configuration those errors should disappear.

Expert Comment

Comment Utility
Did you recently upgrade the PIX with the new 6.3(3) code , with the old configuration ?

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
This video discusses moving either the default database or any database to a new volume.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now