Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to debug errors for packet loss on CIsco PIX 506e

Posted on 2007-11-27
1
2,327 Views
Last Modified: 2008-02-05
I am in process of setting up a site-to-site VPN between a Juniper SSG-140 firewall and Cisco PIX 506e.   From the Juniper side, it completes Phase 1, but doesn't seem to be able to get through Phase 2 and can't Ping anything on Cisco side.  On the Cisco side, I can ping and connect to all devices on the Juniper side.

basic info:

Juniper -
    private IP = 10.10.7.2
    public IP = x.x.32.98

Cisco -
    private IP = 10.10.12.2
    public IP = x.x.3.42

I was told by Juniper support to run debug on the PIX to check for packet loss.
How does this get done, and how do I view the results?



0
Comment
Question by:WPC479
1 Comment
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20359990
If you issue the command "show interface" from the PIX CLI, you'll get output similar to the following:

pixfirewall# sh int
interface ethernet0 "outside" is up, line protocol is down
  Hardware is i82559 ethernet, address is 000d.28d3.3275
  MTU 1500 bytes, BW 10000 Kbit half duplex
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        9 packets output, 5310 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        9 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/0)
        output queue (curr/max blocks): hardware (0/1) software (0/1)

The output above shows the Ethernet0 interface on a PIX 501 which doesn't have anything connected to it, hence the protocol down state.  If you look in the middle of the output, you'll see several lines related to input/output errors, CRC errors, frame errors, etc...I would look at those and see what you get.  You should see all those values at "0" if everything is working OK.  If you see a high amount of any of those errors, then you could report those values back to Juniper and see what they say.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New office setup 2 28
SSIS with VPN COnnection 2 101
Cisco Aironet 1140: setting up basic SSID 12 35
What is the VPn crypto table on a Cisco ASA? 2 16
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question