Solved

Cisco PIX 506e shutting down

Posted on 2009-04-30
Last Modified: 2012-06-27
I recently converted from a PIX 501 to a PIX 506e  - The conversion went well and the only code different on the 506e is the interface ethernet0 10baseT is now interface ethernet0 10full.  After I put the 506 in service and I remotely connect either through the VPN or through a server connection with remote desktop it runs great for about 2 hours and then I lose the internet and also any remote access of VPN.  I have asked around and someone said that I have to put in a NO SHUTDOWN statement.  Does this seem correct or could there be another reason?  If this is the reason how would I code that?  interface ethernet0 10full [no shutdown]?
Question by:mikeplastic
 
LVL 19

Expert Comment

by:nodisco
ID: 24274604
Hey

It sounds like someone has crossed wires a bit - the no shutdown command is used to turn on an interface if it's shut down - but it doesn't work for PIX506E as the command is only used on PIXs with an OS of 7.X upwards - PIX 506E only supports up to 6.3(5)

It's possible that you are getting large amounts of errors on the interface.

To check what's happening -
Reboot the PIX
Then run sh interface

when you start having issues do the following
sh interface
and
sh ver

This will show if your interface is incrementing errors - the sh ver will show your uptime in case you have had an unexpected power fail

hth
0
 

Author Comment

by:mikeplastic
ID: 24279505
This is exactly the same config that was running on the PIX 501 with one exception: the only code different on the 506e is the interface ethernet0 10baseT is now interface ethernet0 10full.  Could this be a hardware malfunction?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24283638
Yes it's possible - most likely if it is, you will see errors by doing a
sh interface

cheers
0
 

Author Comment

by:mikeplastic
ID: 24291652
TO nodisco:  I loaded the PIX 506e again.  Keep in mind this is the same configuration as the 501.  I have attached a .pdf file.  I started it at 1:30pm - did a sh interface - no errors, did another sh interface at 2:30PM. No errors on ethernet1; on ethernet0 - 2 input errors, 1 frame. It stopped communicating with the internet at 4:00PM - sh interface shows ethernet1 - 20 input errors, 10 CRC - ethernet0 16 input errors, 4 CRC, 6 Frame.  I also ran a sh ver and attached that.  Any indications from these results?  It appears to be hardware - correct?
PIX-506-E-sh-interface.pdf
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24291691
hey

The sh ver shows that the PIX was just after reloading - but was this from 1:30 when you started testing?
What is interesting is that you get errors on both PIX interfaces when internet stops working.  Are these connected to separate switches or the same switch with vlans?  If you have management on the switch I'd check what way the ports are being picked up and the error status if any.

If you did a sh ver at  the time of the internet becoming unavailable, check what the uptime of the PIX is.
Another quick test is when the internet becomes unavailable - can you still contact the pix inside ip - ping/telnet/ssh etc?
0
 

Author Comment

by:mikeplastic
ID: 24291728
I did not get the up time - sorry.  I can ping and telnet from the inside to the pix even when it is not communicating!
0
 

Author Comment

by:mikeplastic
ID: 24291731
They are not connected with separate switches!
0
 

Author Comment

by:mikeplastic
ID: 24291734
Sorry for parsing my answer - I do not have any management on the switches!
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24291747
whoa - so your outside and inside interfaces are both connected to the same unmanaged switch?  
You need to change that quick!  

But re the existing issue.  Does it always happen after a couple of hours?
Can you post the following lines from your config - the xlate timeout
Just to see if this has anything to do with it.

It's looking like a hardware issue alright - but if both are connected to the same switch I would recommend removing the switch and trying inside to 1 switch and outside to another.  It's quite dangerous to have both connecting to the same switch when it's not managed.
0
 

Author Comment

by:mikeplastic
ID: 24291767
I may not be answering you correctly on the "management" question.  All we have is our cable modem, the PIX 506e and then connected to the switch.  We have 2 static IP addresses.  

It always cuts off at the 2 3/4 hour to 3 hour mark.

Below the xlate -

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
0
 
LVL 19

Expert Comment

by:nodisco
ID: 24291780
During a test window, try changing your timeout xlate to 1:00:00 and see if it stays up.

Not to worry about the switch - if you are connecting directly from the PIX outside to your cable modem you are all good - I thought you meant that inside and outside on the PIX both connected to the same unmanaged switch.  Considering you are getting errors on both - it looks like you have a PIX hardware issue.  You could try changing your ethernet duplex/speed settings but I would try the xlate first considering it's set at 3 hours right now and that's when the issue happens.

0
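
Added example, not part of any post in this thread: a Python check of the correlation discussed above, parsing the `timeout` lines mikeplastic posted and listing which timers expire inside the reported 2 3/4 to 3 hour failure window. The function names and the five-minute slack are assumptions made for illustration.

```python
import re
from datetime import timedelta

# Timeout lines exactly as posted in the thread (PIX 6.3 syntax).
PIX_TIMEOUTS = """\
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
"""

# One "name h:mm:ss" pair; a single timeout line can carry several of them.
_PAIR = re.compile(r"([A-Za-z][\w-]*)\s+(\d+):(\d{2}):(\d{2})")


def parse_timeouts(config):
    """Return {timer_name: timedelta} for every 'timeout' line in a config."""
    timers = {}
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("timeout "):
            continue  # ignore every other configuration statement
        for name, h, m, s in _PAIR.findall(line[len("timeout "):]):
            timers[name] = timedelta(hours=int(h), minutes=int(m), seconds=int(s))
    return timers


def coinciding_timers(timers, low, high, slack=timedelta(minutes=5)):
    """Names of timers whose value falls in the observed failure window.

    low/high bound the uptime at which the outage was seen; slack (an
    assumed tolerance) widens the window for imprecise observations.
    """
    return sorted(name for name, value in timers.items()
                  if low - slack <= value <= high + slack)


if __name__ == "__main__":
    # Window reported in the thread: outage at the 2 3/4 to 3 hour mark.
    low, high = timedelta(hours=2, minutes=45), timedelta(hours=3)
    before = parse_timeouts(PIX_TIMEOUTS)
    print("timers in window:", coinciding_timers(before, low, high))
    # The change proposed in the thread: timeout xlate 1:00:00
    after = dict(before, xlate=timedelta(hours=1))
    print("after change:", coinciding_timers(after, low, high))
```

A match only shows that a timer lines up with the outage; the test described in the thread (change the value, watch whether the failure time moves or disappears) is still what confirms it.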
 

Author Comment

by:mikeplastic
ID: 24291806
I have to go to the main plant (about 30 miles) to try it again - I will do that tomorrow - thanks for the help so far - much appreciated!  I have changed that statement for the timeout to 1 hour.    When you say the duplex/speed settings - do you mean it might help if I set the speed on ethernet0 back to 10baseT?
0
 
LVL 19

Accepted Solution

by:
nodisco earned 2000 total points
ID: 24291832
10 baseT is the type of connector.  You have it set to 10full but what you could do is auto negotiate it by putting in
interface ethernet0 auto

and likewise with ethernet1 if necessary - but try the xlate timeout first.
0
 

Author Comment

by:mikeplastic
ID: 24308049
NODISCO:  I made the xlate change today at 10:30am EDT.  All seems OK at this point.  NO errors so far. If I have no problems today - I will award the points and close the question.  Thanks!
0
 

Author Closing Comment

by:mikeplastic
ID: 31576656
Excellent job - thanks so much for the help -  checked the status daily - is very stable and no errors.
0
