Cisco PIX 506e shutting down

I recently converted fro a PIX 501 to a PIX 506e  - The conversion went well and the only code different on the 506e is the interface ethernet0 10baseT is now interface ethernet0 10full.  After i put the 506 in service and I remotley connect either throug the VPN or through a server connection with remote desktop it runs great for about 2 hours and the I lose the internet and also any remote access of VPN.  I have asked around and someond said that I have to pu in a NO SHUTDOWN statement.  Does this seem correct or could there be another reason?  If this is the reason how would I code that?  interface ethernet0 10full [no shutdown]?
mikeplasticAsked:
Who is Participating?
 
nodiscoCommented:
10 baseT is the type of connector.  You have it set to 10full but what you could do is auto negotiate it by putting in
interface ethernet0 auto

and likewise with ethernet1 if necessary - but try the xlate timeout first.
0
 
nodiscoCommented:
Hey

It sounds like someone has crossed wires a bit - the no shutdown command is used to turn on an interface if its shut down - but it doesn't work for PIX506E as the command is only used on PIXs with and OS of 7.X upgwards - PIX 506E only supports up to 6.3(5)

Its possible that you are getting large amounts of errors on the interface.

To check whats happening -
Reboot the PIX
Then run sh interface

when you start having issues do the following
sh interface
and
sh ver

This will show if you interface is incrementing errors - the sh ver will show your uptime in case you have had an unexpected power fail

hth
0
 
mikeplasticAuthor Commented:
This is exactly the same config that was running on the PIX 501 with one exception the only code different on the 506e is the interface ethernet0 10baseT is now interface ethernet0 10full.  Could this be a hardware mal-function?
0
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

 
nodiscoCommented:
Yes its possible - most likely if it is, you will see errors by doing a
sh interface

cheers
0
 
mikeplasticAuthor Commented:
TO nodisco:  I loaded the PIX 506e again.  Keep in mind this is the same configuration as the 501.  I have attached a .pdf file .  Istarted it a 1:30pm - did a sh interface. - no errors,  did another sh interface at 2:30PM No erors on ethernet1 on etherneto - 2 input errors 1 frame.. It stopped communicating with the internet at 4:00PM  - sh interface shows ethernet1 - 20 input errors, 10 CRC - ethernet0 16 input errors , 4 CRC, 6 Frame.  I also ran a sh ver and attached that.  Any indications from these results.  It appears to be harware - correct?
PIX-506-E-sh-interface.pdf
0
 
nodiscoCommented:
hey

The sh ver shows that the PIX was just after reloading - but was this from 1:30 when you started testing?
What is interesting is that you get errors on both PIX interfaces when internet stops working.  Are these connected to seperate switches or the same switch with vlans?  If you have management on the switch I'd check what way the ports are being picked up and the error status if any.

If you did a sh ver at  the time of the internet becoming unavailable, check what the uptime of the PIX is.
Another quick test is when the internet becomes unavailable - can you still contact the pix inside ip - ping/telnet/ssh etc?
0
 
mikeplasticAuthor Commented:
I did not get the up time - sorry.  I can ping and telnet from the inside to the pix even when it is not communicating!
0
 
mikeplasticAuthor Commented:
They are not connected with seaparate switches!
0
 
mikeplasticAuthor Commented:
Sorry for parsing my answer - I do not have any management on the switches!
0
 
nodiscoCommented:
whoa - so your outside and inside interfaces are both connected to the same unmanaged switch?  
You need to change that quick!  

But re the existing issue.  Does it always happen after a couple of hours?
Can you post the following lines from your config - the xlate timeout
Just to see if this has anything to do with it.

Its looking like a hardware issue alright - but if both are connected to the same switch I would recommend removing the switch and trying inside to 1 switch and outside to another.  Its quite dangerous to have both connecting to the same switch when its not managed.
0
 
mikeplasticAuthor Commented:
I may not be answering you correctly on the "management" question.  All we have is our cable modem, the PIX 506e and then connected to the switch.  We have 2 static IP addresses.  

It always cuts off at the 2 3/4 hour to 3 hour mark.

Below the xlate -

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
0
 
nodiscoCommented:
During a test window, try changing your timeout xlate to 1:00:00 and see if it stays up.

Not to worry about the switch - if you are connecting directly from the PIX outside to your cable modem you are all good - I thought you meant that inside and outside on the PIX both connected to the same unmanaged switch.  Considering you are getting errors on both - it looks like you have a PIX hardware issue.  You could try changing your ethernet duplex/speed settings but I would try the xlate first considering its set at 3 hours right now and thats when the issue happens.

0
 
mikeplasticAuthor Commented:
I have to go to the main plant (abou  30 miles) to try it again - i will do that tomorrow - thanks for the help so far - much appreciated!  I have changed that statement for the timeout fo 1 hour.    When you say the duplex/speed settings - do you mean it might help if I set the speed on ethernet0 back to 10bateT?
0
 
mikeplasticAuthor Commented:
NODISCO:  I made the xlate change today at 10:30am EDT.  All seems OK at this point.  NO errors so far If I have not problems today - i will award the points and close the question.  Thanks!
0
 
mikeplasticAuthor Commented:
Excellent job - thanks so much for the help -  checked the status daily - is very stable and no errors.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.