Solved

Testing PIX 506E on existing network causes connectivity failures to servers

Posted on 2004-09-17
3
226 Views
Last Modified: 2010-04-09
I have a PIX 506E that I'm trying to put on my existing network to test my setup and make sure I have everything configured the way it needs to be, but every time I plug it in to the network using the outside interface it causes serious network issues for the other computers on the network specifically my servers.  Pings stop responding and complete connectivity just drops off.

My current network configuration is router>3com firewall>LAN and I'm trying to put the PIX on the LAN with test computers behind it (put it simply I'm trying a firewall (PIX) behind a firewall (3com) to test everything out).  

My first thought was the DHCP server on the PIX was handing out private IPs but DHCP is off on the PIX.  My next thought was a static translation was picking up traffic destined for an existing server's IP that in the end will be behind the PIX, but I don't have any static translations looking to translate current IPs of my servers to private ones behind the PIX.  They're all set up to translate IPs that aren't even used in my current network.

Does anyone have any ideas?  I'd really like to put this on my existing network and check my config rather than just replacing the 3com and deal with it then.

Thanks
0
Comment
Question by:jshuck3
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
Comment Utility
Yep. Turn off proxy arp on the outside interface:

sysopt noproxyarp outside
0
 

Author Comment

by:jshuck3
Comment Utility
Is this something I'm going to want to turn back on when I finally take the 3com firewall out of the picture and just use the PIX or is it safe to leave it off all the time?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Depends. If you have static NAT entries, you might want to turn it back on in production.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now