[c-nsp] Strange PIX interface problem

Peter Nyamukusa petern at africaonline.co.tz
Mon Feb 25 08:04:39 EST 2008


Hi William,

It looks like the 'interface ethernet1 auto' command has solved the problem
Many thanks for the effort

Cheers
Peter

-----Original Message-----
From: William [mailto:willay at gmail.com] 
Sent: Monday, February 25, 2008 3:50 PM
To: Peter Nyamukusa
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Strange PIX interface problem

try 'interface ethernet1 auto' or 'no interface ethernet1 auto shutdown'

You can see in the configuration that its currently in shutdown mode.

Regards,

W
On 25/02/2008, Peter Nyamukusa <petern at africaonline.co.tz> wrote:
> Here it is below
>  I have only put the Ip as I am trying to login to the PDM
>
>  :
>  PIX Version 6.3(3)
>  interface ethernet0 auto shutdown
>  interface ethernet1 auto shutdown
>  nameif ethernet0 outside security0
>  nameif ethernet1 inside security100
>  enable password 8Ry2YjIyt7RRXU24 encrypted
>  passwd 2KFQnbNIdI.2KYOU encrypted
>  hostname pixfirewall
>  fixup protocol dns maximum-length 512
>  fixup protocol ftp 21
>  fixup protocol h323 h225 1720
>  fixup protocol h323 ras 1718-1719
>  fixup protocol http 80
>  fixup protocol rsh 514
>  fixup protocol rtsp 554
>  fixup protocol sip 5060
>  fixup protocol sip udp 5060
>  fixup protocol skinny 2000
>  fixup protocol smtp 25
>  fixup protocol sqlnet 1521
>  fixup protocol tftp 69
>  names
>  pager lines 24
>  mtu outside 1500
>  mtu inside 1500
>  no ip address outside
>  ip address inside 192.168.1.1 255.255.255.0
>  ip audit info action alarm
>  ip audit attack action alarm
>  no failover
>  failover timeout 0:00:00
>  failover poll 15
>  no failover ip address outside
>  no failover ip address inside
>  pdm history enable
>  arp timeout 14400
>  timeout xlate 3:00:00
>  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
>  1:00:00
>  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
>  timeout uauth 0:05:00 absolute
>  aaa-server TACACS+ protocol tacacs+
>  aaa-server RADIUS protocol radius
>  aaa-server LOCAL protocol local
>  http server enable
>  http 192.168.1.2 255.255.255.255 inside
>  no snmp-server location
>
>  no failover ip address inside
>  pdm history enable
>  arp timeout 14400
>  timeout xlate 3:00:00
>  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
>  1:00:00
>  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
>  timeout uauth 0:05:00 absolute
>  aaa-server TACACS+ protocol tacacs+
>  aaa-server RADIUS protocol radius
>  aaa-server LOCAL protocol local
>  http server enable
>  http 192.168.1.2 255.255.255.255 inside
>  no snmp-server location
>  no snmp-server contact
>  snmp-server community public
>  no snmp-server enable traps
>  floodguard enable
>  telnet timeout 5
>  ssh timeout 5
>  console timeout 0
>  terminal width 80
>  Cryptochecksum:3412014cce8cca04731da9f09bf1fa32
>  : end
>
>
>
>
>  -----Original Message-----
>  From: William [mailto:willay at gmail.com]
>  Sent: Monday, February 25, 2008 3:39 PM
>  To: Peter Nyamukusa
>  Cc: cisco-nsp at puck.nether.net
>  Subject: Re: [c-nsp] Strange PIX interface problem
>
>  Peter can you include a 'show run'  ?
>
>  On 25/02/2008, Peter Nyamukusa <petern at africaonline.co.tz> wrote:
>  >
>  >  Hi folks,
>  >
>  >  I just reset a Pix 515E to factory default using the command "wr
erase".
>  >  I am now trying to reconfigure it again and it looks like everything
is
>  >  working fine except the interfaces I cannot seem to bring them up
>  >  When I type the command interface Ethernet 1 form the config prompt
its
>  >  simply returns and does not change to PIX(config-if) there is also no
>  error
>  >  deplayed. Just wondering if any one has come across this before or it
>  could
>  >  just be a bug
>  >
>  >  pixfirewall(config)# int e1
>  >  pixfirewall(config)# sh int e1
>  >  interface ethernet1 "inside" is administratively down, line protocol
is
>  down
>  >   Hardware is i82559 ethernet, address is 0012.7f5b.deee
>  >   IP address 192.168.1.1, subnet mask 255.255.255.0
>  >   MTU 1500 bytes, BW 10000 Kbit half duplex
>  >         305 packets input, 27324 bytes, 0 no buffer
>  >         Received 305 broadcasts, 0 runts, 0 giants
>  >         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>  >         0 packets output, 0 bytes, 0 underruns
>  >         0 output errors, 0 collisions, 0 interface resets
>  >         0 babbles, 0 late collisions, 0 deferred
>  >         0 lost carrier, 0 no carrier
>  >         input queue (curr/max blocks): hardware (128/128) software
(0/0)
>  >         output queue (curr/max blocks): hardware (0/0) software (0/0)
>  >
>  >  Cisco PIX Firewall Version 6.3(3)
>  >  Cisco PIX Device Manager Version 3.0(1)
>  >
>  >  Compiled on Wed 13-Aug-03 13:55 by morlee
>  >
>  >  pixfirewall up 2 hours 3 mins
>  >
>  >  Hardware:   PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
>  >  Flash E28F128J3 @ 0x300, 16MB
>  >  BIOS Flash AM29F400B @ 0xfffd8000, 32KB
>  >
>  >  Encryption hardware device : Crypto5823 (revision 0x1)
>  >  0: ethernet0: address is 0012.7f5b.deed, irq 10
>  >  1: ethernet1: address is 0012.7f5b.deee, irq 11
>  >  Licensed Features:
>  >  Failover:                    Enabled
>  >  VPN-DES:                     Enabled
>  >  VPN-3DES-AES:                Disabled
>  >  Maximum Physical Interfaces: 6
>  >  Maximum Interfaces:          10
>  >  Cut-through Proxy:           Enabled
>  >  Guards:                      Enabled
>  >  URL-filtering:               Enabled
>  >  Inside Hosts:                Unlimited
>  >  Throughput:                  Unlimited
>  >  IKE peers:                   Unlimited
>  >
>  >  This PIX has an Unrestricted (UR) license.
>  >
>  >  Serial Number: 808440708 (0x302fd384)
>  >  Running Activation Key: 0x2fab0bdd 0x7a16e505 0xc2402929 0x96e856cd
>  >
>  >
>  >  Cheers Peter
>  >
>  >
>  >  _______________________________________________
>  >  cisco-nsp mailing list  cisco-nsp at puck.nether.net
>  >  https://puck.nether.net/mailman/listinfo/cisco-nsp
>  >  archive at http://puck.nether.net/pipermail/cisco-nsp/
>  >
>
>



More information about the cisco-nsp mailing list