Re: pix strange problem, please help!!

From: Truman Ford (truman.ccie@gmail.com)
Date: Tue Aug 19 2008 - 03:03:03 ART


Farrukh,

The customer has an IDS (Cyberom) connected to this pix, so will applying the below
command affect the Cyberom?

On 8/19/08, Farrukh Haroon <farrukhharoon@gmail.com> wrote:
>
> You have enabled the IDS feature built into the PIX. This is blocking
> your pings.
>
> Do this:
>
> ip audit signature 2004 disable
>
> Regards
>
> Farrukh
>
>
> On Tue, Aug 19, 2008 at 8:00 AM, Truman Ford <truman.ccie@gmail.com>wrote:
>
>> Hi Experts,
>>
>> I have faced a very strange problem with the pix.
>> The problem is that the customer complained that he is not able to ping the
>> inside IP of the pix from his LAN, but was able to before.
>> BUT he is able to ssh :). I checked in the pix that icmp is permitted.
>> For troubleshooting, I directly connected the pix inside interface
>> to the laptop, with an IP in the same subnet as the pix inside interface; unfortunately I was not
>> able to ping from the laptop to the inside ip of the pix and vice versa, BUT was able to
>> ssh from the laptop :) When I do debug icmp on the pix and ping the inside
>> ip of the pix from the directly connected laptop, I can see the following logs
>> in the pix, where .2 is the laptop ip address and .1 is the pix inside ip address.
>> The firewall is off on the laptop.
>>
>> Please help!!!!!!!!!!
>>
>>
>> 400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on
>> interface inside
>>
>> 400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on
>> interface inside
>>
>> 400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on
>> interface inside
>>
>>
>>
>> PIX config (in short):
>>
>> PIX Version 6.3(5)127
>> interface ethernet0 100full
>> interface ethernet1 auto
>> nameif ethernet0 outside security0
>> nameif ethernet1 inside security100
>> enable password xxx encrypted
>> passwd xxxx encrypted
>> hostname PIX
>> domain-name pixfw
>> clock timezone ist 12 30
>> fixup protocol dns maximum-length 512
>> fixup protocol ftp 21
>> fixup protocol ftp 18001
>> fixup protocol h323 h225 1720
>> fixup protocol h323 ras 1718-1719
>> fixup protocol http 80
>> fixup protocol rsh 514
>> fixup protocol rtsp 554
>> fixup protocol sip 5060
>> fixup protocol sip udp 5060
>> fixup protocol skinny 2000
>> fixup protocol smtp 25
>> fixup protocol sqlnet 1521
>> fixup protocol tftp 69
>>
>> access-list inside_access_in permit icmp any any echo
>>
>> access-group inside_access_in in interface inside
>>
>> ip address inside 190.168.10.1 255.255.255.0
>>
>> Thanks,
>>
>> Truman
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

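A worked check, added here and not part of the thread: the PIX built-in IDS (ip audit) logs message 400014 for signature 2004 every time it sees an ICMP echo request, and when the audit policy's action includes drop the ping never gets answered. "ip audit signature 2004 disable" is global on PIX 6.3 (it switches the signature off on every interface with an audit policy attached) and affects only the PIX's own ip audit inspection, not a separate IDS appliance on the network. Before disabling it, it is worth confirming from the syslog where that signature is actually firing. The Python below parses 400014-style IDS lines, counts hits per signature and interface, and proposes a disable only for signatures whose hits are all traffic to the firewall's own address from a trusted interface. The log lines are constructed (the three from the post plus an invented echo reply on the outside interface and an unrelated 302013 connection line); the outside address 198.51.100.1 and the host 203.0.113.7 are made up for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# PIX 6.x IDS syslog lines look like
#   400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on interface inside
# optionally preceded by a timestamp and a "%PIX-4-" severity prefix.
IDS_LINE = re.compile(
    r"(?P<msgid>4000\d\d):\s+IDS:(?P<sig>\d+)\s+(?P<desc>.+?)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+on\s+interface\s+(?P<iface>\S+)"
)

# Constructed sample: the three lines from the post, plus an echo reply seen on the
# outside interface and an unrelated connection message (both invented here;
# 198.51.100.1 is an assumed outside address, 203.0.113.7 an assumed remote host).
SAMPLE_LOG = [
    "400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on interface inside",
    "400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on interface inside",
    "400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on interface inside",
    "%PIX-4-400010: IDS:2000 ICMP echo reply from 203.0.113.7 to 198.51.100.1 on interface outside",
    "%PIX-6-302013: Built inbound TCP connection 12 for outside:203.0.113.7/40001 to inside:190.168.10.1/22",
]


@dataclass(frozen=True)
class IdsEvent:
    msgid: str
    signature: int
    description: str
    src: str
    dst: str
    interface: str


def parse_ids_events(lines):
    """Return one IdsEvent per IDS syslog line; non-IDS lines are ignored."""
    events = []
    for line in lines:
        m = IDS_LINE.search(line)
        if m:
            events.append(IdsEvent(m["msgid"], int(m["sig"]), m["desc"],
                                   m["src"], m["dst"], m["iface"]))
    return events


def summarize(events):
    """Hit count per (signature, description, interface)."""
    return Counter((e.signature, e.description, e.interface) for e in events)


def disable_candidates(events, firewall_addrs, trusted_ifaces=("inside",)):
    """Split signatures into those safe to disable (every hit is traffic from a
    trusted interface to one of the firewall's own addresses, i.e. management
    pings like the ones in the post) and those to keep, because the disable
    command is global and would also silence hits seen elsewhere."""
    by_sig = {}
    for e in events:
        by_sig.setdefault(e.signature, []).append(e)
    safe, keep = [], []
    for sig in sorted(by_sig):
        hits = by_sig[sig]
        if all(h.interface in trusted_ifaces and h.dst in firewall_addrs for h in hits):
            safe.append(sig)
        else:
            keep.append(sig)
    return safe, keep


def disable_commands(signatures):
    """PIX 6.3 configuration lines that switch the given signatures off."""
    return [f"ip audit signature {sig} disable" for sig in signatures]


if __name__ == "__main__":
    evs = parse_ids_events(SAMPLE_LOG)
    for (sig, desc, iface), n in sorted(summarize(evs).items()):
        print(f"IDS:{sig} {desc} on interface {iface}: {n} hit(s)")
    safe, keep = disable_candidates(evs, {"190.168.10.1", "198.51.100.1"})
    print("\n".join(disable_commands(safe)))
    print("left enabled (hits outside the trusted interfaces):", keep)
```

Run against a real "show logging" capture or a syslog file, the script proposes only `ip audit signature 2004 disable` for the traffic in the post, while the invented outside-interface hit keeps signature 2000 enabled.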

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:31 ART