PIX configuration
We have 2 PIX FW: 515 and 515E. They both work OK when connected to Verizon (ISP).
But when we switch to AT&T (ISP), only 515 works, but not 515E, even we use the same template.
Our Network: Inside LAN ---- PIX 515E -- AT&T Router --- Internet
We can ping any IPs on the Internet from the firewall but not from the Inside LAN.
Thank you.
Tac
Template.txt
But when we switch to AT&T (ISP), only 515 works, but not 515E, even we use the same template.
Our Network: Inside LAN ---- PIX 515E -- AT&T Router --- Internet
We can ping any IPs on the Internet from the firewall but not from the Inside LAN.
Thank you.
Tac
Template.txt
batry_boy
When you switch the 515 with the 515E, did you power cycle the AT&T router to clear its ARP cache? You may even need to clear the ARP cache on the internal switch that the inside PIX interface is attached to.
ASKER
Hi Batry Boy,
Thank you very much for your help. Last time I did recycle the AT&T router but not the Switch, I will try it nest time.
Besises do I have to use the command " Clear Xlate" on the PIX?
Thanks.
Tac
Thank you very much for your help. Last time I did recycle the AT&T router but not the Switch, I will try it nest time.
Besises do I have to use the command " Clear Xlate" on the PIX?
Thanks.
Tac
You only have to do a "clear xlat" on the PIX when you modify any of the existing translations (add/delete/modify). When you put one PIX in place after bringing down the other one, you are automatically clearing the translation table because I assume that you are power cycling the PIX. If this is not the case, then you can issue the "clear xlat" command to see if it helps.
When you have the 515E in place, can you ping an Internet host from the PIX itself?
When you have the 515E in place, can you ping an Internet host from the PIX itself?
ASKER
Yes, when I have the PIX 515E connected, from the PIX I can ping any Internet host but not from the Inside LAN.
One more thing from the Inside LAN I can ping some host in the DMZ but not all.
Thanks.
Tac
One more thing from the Inside LAN I can ping some host in the DMZ but not all.
Thanks.
Tac
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will try all your advices tonight @6 PM PCt and will let you know the result.
Again thank you very much
Tac
Again thank you very much
Tac
ASKER
Hi Batry Boy,
This evening, based on your advice, I cleared all ARP cache on the AT&T router, our internal HP and DMZ switches then everything looked good, The PIX worked OK.
Thank you very much, I sincerely appreciate your expertise.
I think we will need more help from you in the future if you don't mind.
Tac
818-441-1869 (c)
This evening, based on your advice, I cleared all ARP cache on the AT&T router, our internal HP and DMZ switches then everything looked good, The PIX worked OK.
Thank you very much, I sincerely appreciate your expertise.
I think we will need more help from you in the future if you don't mind.
Tac
818-441-1869 (c)