?
Solved

Testing PIX 506E on existing network causes connectivity failures to servers

Posted on 2004-09-17
3
Medium Priority
?
232 Views
Last Modified: 2010-04-09
I have a PIX 506E that I'm trying to put on my existing network to test my setup and make sure I have everything configured the way it needs to be, but every time I plug it in to the network using the outside interface it causes serious network issues for the other computers on the network specifically my servers.  Pings stop responding and complete connectivity just drops off.

My current network configuration is router>3com firewall>LAN and I'm trying to put the PIX on the LAN with test computers behind it (put it simply I'm trying a firewall (PIX) behind a firewall (3com) to test everything out).  

My first thought was the DHCP server on the PIX was handing out private IPs but DHCP is off on the PIX.  My next thought was a static translation was picking up traffic destined for an existing server's IP that in the end will be behind the PIX, but I don't have any static translations looking to translate current IPs of my servers to private ones behind the PIX.  They're all set up to translate IPs that aren't even used in my current network.

Does anyone have any ideas?  I'd really like to put this on my existing network and check my config rather than just replacing the 3com and deal with it then.

Thanks
0
Comment
Question by:jshuck3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 400 total points
ID: 12085901
Yep. Turn off proxy arp on the outside interface:

sysopt noproxyarp outside
0
 

Author Comment

by:jshuck3
ID: 12086053
Is this something I'm going to want to turn back on when I finally take the 3com firewall out of the picture and just use the PIX or is it safe to leave it off all the time?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12086088
Depends. If you have static NAT entries, you might want to turn it back on in production.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question