Cisco PIX some hosts get no internet connectivity

Symptoms:

Some servers using a Cisco PIX as their default gateway may lose internet connectivity intermittently or permanently, while other servers using the same Cisco PIX as their default gateway don’t. You can ping the gateway from the affected servers, but they simply fail to route any further than the PIX.

Troubleshooting:

Investigate the PIX configuration. Considering you would know if anyone had made any firewall configuration changes… hopefully 😉, it is unlikely you will find anything.

Assuming the configuration looks good, run ‘clear xlate’; the affected hosts may temporarily regain internet connectivity.

If the above is true, then the problem is probably that your PIX license has a limit on inside host connections. Run ‘show ver’ to see the license details.

Assuming you find a limit on the inside hosts, you can verify whether you have hit that limit by running ‘show local-host’; near the top it will show the number of current connections.
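The comparison from the steps above can be scripted against saved ‘show ver’ and ‘show local-host’ output. This is an added example, not part of the original post; the sample text is constructed, and the line layouts it parses (`Inside Hosts: N`, `Interface inside: N active, ...`) are assumptions to adjust to what your PIX actually prints.

```python
import re

# Constructed excerpts, not captured from a real device. The line layouts are
# assumptions about PIX output; change the patterns below if your unit prints
# these fields differently.
SAMPLE_SHOW_VER = """\
Licensed Features:
Inside Hosts:       10
Throughput:         Unlimited
"""

SAMPLE_SHOW_LOCAL_HOST = """\
Interface inside: 10 active, 10 maximum active, 0 denied
local host: <192.168.1.10>,
"""

LIMIT_RE = re.compile(r"^\s*Inside Hosts:\s*(\S+)", re.I | re.M)
ACTIVE_RE = re.compile(r"^\s*Interface\s+(\S+):\s*(\d+)\s+active", re.I | re.M)


def licensed_host_limit(show_ver):
    """Return the licensed inside-host limit, or None when it is unlimited."""
    m = LIMIT_RE.search(show_ver)
    if not m:
        raise ValueError("no 'Inside Hosts' line in the show ver output")
    value = m.group(1)
    return None if value.lower() == "unlimited" else int(value)


def active_hosts(show_local_host, interface="inside"):
    """Return the active host count reported for the given interface."""
    for name, count in ACTIVE_RE.findall(show_local_host):
        if name.lower() == interface:
            return int(count)
    raise ValueError("no active-host summary for interface %r" % interface)


def check_host_limit(show_ver, show_local_host):
    """Return (status, active, limit); status is 'at-limit' or 'ok'."""
    limit = licensed_host_limit(show_ver)
    active = active_hosts(show_local_host)
    if limit is not None and active >= limit:
        return ("at-limit", active, limit)
    return ("ok", active, limit)
```

A result of `at-limit` matches the symptom described above: hosts beyond the licensed count stop passing traffic until existing entries are cleared.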

Solution:

I do not believe you can upgrade the license on the PIX, as it is no longer sold, so you might need to replace it with an appropriately licensed Cisco ASA (or other firewall) or, if you are able, set some hosts to use a different default gateway.
