Solved

Testing PIX 506E on existing network causes connectivity failures to servers

Posted on 2004-09-17
3
231 Views
Last Modified: 2010-04-09
I have a PIX 506E that I'm trying to put on my existing network to test my setup and make sure I have everything configured the way it needs to be, but every time I plug it in to the network using the outside interface it causes serious network issues for the other computers on the network specifically my servers.  Pings stop responding and complete connectivity just drops off.

My current network configuration is router>3com firewall>LAN and I'm trying to put the PIX on the LAN with test computers behind it (put it simply I'm trying a firewall (PIX) behind a firewall (3com) to test everything out).  

My first thought was the DHCP server on the PIX was handing out private IPs but DHCP is off on the PIX.  My next thought was a static translation was picking up traffic destined for an existing server's IP that in the end will be behind the PIX, but I don't have any static translations looking to translate current IPs of my servers to private ones behind the PIX.  They're all set up to translate IPs that aren't even used in my current network.

Does anyone have any ideas?  I'd really like to put this on my existing network and check my config rather than just replacing the 3com and deal with it then.

Thanks
0
Comment
Question by:jshuck3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 12085901
Yep. Turn off proxy arp on the outside interface:

sysopt noproxyarp outside
0
 

Author Comment

by:jshuck3
ID: 12086053
Is this something I'm going to want to turn back on when I finally take the 3com firewall out of the picture and just use the PIX or is it safe to leave it off all the time?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12086088
Depends. If you have static NAT entries, you might want to turn it back on in production.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question