Contribute pix firewall

Similar Messages

• PIX Firewall 525 can not start

  Hi,
  Today my colleague add 2 lines of access-list to our PIX 525.  After 10 minutes, my firewall was rebooted and until now can't start.  The booting process as listed below.
  The questions are :
  1. What is my OS version? Flash?
  2. How to remove those 2 lines (reset the config to default)?
  3. How to solve the issue?
  Thanks,
  Andy
  Booting process
  ================
  Rebooting..þ
  Wait.....
  PCI Device Table.
  Bus Dev Func VendID DevID Class              Irq
  00  00  00   8086   7192  Host Bridge
  00  07  00   8086   7110  ISA Bridge
  00  07  01   8086   7111  IDE Controller
  00  07  02   8086   7112  Serial Bus         9
  00  07  03   8086   7113  PCI Bridge
  00  0D  00   8086   1209  Ethernet           11
  00  0E  00   8086   1209  Ethernet           10
  Cisco Secure PIX Firewall Embedded BIOS Version 4.3
  Wait...ndeavor Board, Boot Block BIOS
  +------------------------------------------------------------------------------+
  |          System BIOS Configuration, (C) 2000 General Software, Inc.          |
  +---------------------------------------+--------------------------------------+
  | System CPU           : Pentium III    | Low Memory           : 638KB         |
  | Coprocessor          : Enabled        | Extended Memory      : 255MB         |
  | Embedded BIOS Date   : 08/25/00       | Serial Ports 1-2     : 03F8 02F8     |
  +---------------------------------------+--------------------------------------+
  Cisco Secure PIX Firewall BIOS (4.0) #39: Tue Nov 28 18:44:51 PST 2000
  Platform PIX-525
  System Flash=E28F128J3 @ 0xfff00000
  Use BREAK or ESC to interrupt flash boot.
  Use SPACE to begin flash boot immediately.
  Reading 1528320 bytes of image from flash.
  256MB RAM
  System Flash=E28F128J3 @ 0xfff00000
  BIOS Flash=am29f400b @ 0xd8000
  mcwa i82559 Ethernet at irq 11  MAC: 0006.5336.8129
  mcwa i82559 Ethernet at irq 10  MAC: 0006.5336.8128
                                 ||        ||
                                 ||        ||
                                ||||      ||||
                            ..:||||||:..:||||||:..
                           c i s c o S y s t e m s
                          Private Internet eXchange
                          Cisco PIX Firewall
  Cisco PIX Firewall Version 6.2(1)
  Licensed Features:
  Failover:           Enabled
  VPN-DES:            Enabled
  VPN-3DES:           Disabled
  Maximum Interfaces: 8
  Cut-through Proxy:  Enabled
  Guards:             Enabled
  URL-filtering:      Enabled
  Inside Hosts:       Unlimited
  Throughput:         Unlimited
  IKE peers:          Unlimited
  An internal error occurred.  Specifically, a programming assertion was
  violated.  Copy the error message exactly as it appears, and get the
  output of the show version command and the contents of the configuration
  file.  Then call your technical support representative.
  assertion "addr < sfmm_chip_size" failed: file "sfmm.c", line 254
  No thread name
  Traceback:
  0: 802decd5
  1: 8007a8ce
  2: 800769bb
  3: 80078223
  4: 8007635e
  5: 800017d5
  6: 800758ab
  7: 80120ed6
      vector 0x00000003 (breakpoint)
         edi 0x8007a887
         esi 0x000000fe
         ebp 0x7ffffcb8
         esp 0x7ffffcac
         ebx 0x8007a5a3
         edx 0x000003fd
         ecx 0x0000000a
         eax 0x00000042
  error code n/a
         eip 0x802dffac
          cs 0x00000008
      eflags 0x00000046
         CR2 0x00000000
  Stack dump: base:0x7ffffc2c size:64, active:64
  0x7ffffd2c: 0x00020000
  0x7ffffd28: 0x807f2828
  0x7ffffd24: 0xfffe0000
  0x7ffffd20: 0x00000300
  0x7ffffd1c: 0x800769bb
  0x7ffffd18: 0x7ffffd48
  0x7ffffd14: 0x00000001
  0x7ffffd10: 0x00000002
  0x7ffffd0c: 0x800762f4
  0x7ffffd08: 0x804a849c
  0x7ffffd04: 0x00000020
  0x7ffffd00: 0x805100c0
  0x7ffffcfc: 0x7ffffd48
  0x7ffffcf8: 0x8007a887
  0x7ffffcf4: 0x000000fe
  0x7ffffcf0: 0x8007a5a3
  0x7ffffcec: 0x8007a8ce
  0x7ffffce8: 0x7ffffd18
  0x7ffffce4: 0x80317cd4
  0x7ffffce0: 0xffffffff
  0x7ffffcdc: 0x80078163
  0x7ffffcd8: 0x807f2828
  0x7ffffcd4: 0xfffe0000
  0x7ffffcd0: 0x805100c0
  0x7ffffccc: 0x000000fe
  0x7ffffcc8: 0x8007a5a3
  0x7ffffcc4: 0x8007a887
  0x7ffffcc0: 0x802dec68
  0x7ffffcbc: 0x802decd5
  0x7ffffcb8: 0x7ffffce8
  0x7ffffcb4: 0x00000046
  0x7ffffcb0: 0x00000008
  0x7ffffcac: 0x802dffac *
  0x7ffffca8: 0x00000042
  0x7ffffca4: 0x0000000a
  0x7ffffca0: 0x000003fd
  0x7ffffc9c: 0x8007a5a3
  0x7ffffc98: 0x7ffffcac
  0x7ffffc94: 0x7ffffcb8
  0x7ffffc90: 0x000000fe
  0x7ffffc8c: 0x8007a887
  0x7ffffc88: 0x00000003
  0x7ffffc84: 0x80004779
  0x7ffffc80: 0x7ffffcb8
  0x7ffffc7c: 0x802c4deb
  0x7ffffc78: 0x7ffffc98
  0x7ffffc74: 0x7ffffd48
  0x7ffffc70: 0x00000001
  0x7ffffc6c: 0x000000fe
  0x7ffffc68: 0x8007a5a3
  0x7ffffc64: 0x7ffffd48
  0x7ffffc60: 0x80120ed6
  0x7ffffc5c: 0x00000007
  0x7ffffc58: 0x7ffffcac
  0x7ffffc54: 0x80002d70
  0x7ffffc50: 0x7ffffc80
  0x7ffffc4c: 0x7ffffcac
  0x7ffffc48: 0x80002ab0
  0x7ffffc44: 0x00000040
  0x7ffffc40: 0x7ffffc80
  0x7ffffc3c: 0x74656720
  0x7ffffc38: 0x7ffffe28
  0x7ffffc34: 0x2c737261
  0x7ffffc30: 0x8007a887
  Nested traceback attempted via interrupt.
  Traceback output aborted.
  Rebooting..þ

  Urgent help!!!

• Oracle 8i through CISCO PIX Firewall

  HI all,
  I Need some help here with CISCO PIX Firewall 506e series. The ORACLE Server 8i on Windows NT.4, placed at the inside interface of PIX Firewall.
  The Firewall has been configured to allow all the port to come from outside interface (this is where the Oracle client reside). When the client from outside try the oracle client application (where the login promt for username and password) when pressed enter the error msg
  =============================
  oracle error con 440
  unable to make connection oracle - 12514 tns.couldn't resolve service name
  the menu was not connectable with oracle. a menu is ended
  ==============================
  Many thanks for PIX and Oracle config.
  HATO

  Varun,
  Thank you for your help.
  I have one quick question, this pix is not in failover, it is standalone but it has Unrestricted license. It only has 64Mb of Ram. Will I have any problems based on your link recommendation?
  Memory Requirements:
  If you are using a PIX 515/515E running PIX Version 6.2/6.3, you must increase your memory before upgrading to PIX Version 8.0(2). This version requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses
  What is the difference between the restricted Licenses and the Unrestricted Licenses?
  Thanks!

• PIX firewall 525 on Voice Network for 5000 CC calls

  Dear all ,
  can some one suggest me will it be recommended to use PIX firewall 525 on Voice ( sip ) network for 5000 CC to 1000 CC calls in signaling mode since our server are using public IP so will i be able to use it without NAT / PAT also will there be any issue of QOS .
  Regards

  Sohail,
  If your idea is to add some security between your devices the PIX will work fine (I will prefer and ASA since it can run the latest software). The quality of your voice traffic shouldn't be impacted by the PIX.
  Luis Silva

• PIX Firewall Setup

  Hi,
  I need urgent help about PIX firewall setup.......
  My one of the pix firewall flash was correpted it mean don't have flash file inside... I want to install flash file how to install...
  It's showing "monitor >"   mode.
  monitor > help
  by
  senthil

  And also i need to know how to reset password i forgot the password for the another firewall...
  I have to configure as per diagram(attached) already config is there but i need to know it's write or nor becasue this one last year one.
  Please check and let me know ASAP.
  Thanks....
  Regards,
  Senthil
  I have to configure as per diagram(attached) already config is there but i need to know it's write or nor becasue this one last year one.
  Please check and let me know ASAP.
  Thanks....
  Regards,
  Senthil

• BorderManager and Pix Firewall

  Hello,
  Just implemented NSBS6.5 for a small bank with Pix firewall's inner IP
  address as my next router on hop.Was able to send mails out but could not
  receive inbound mails.Also the Bank's web site could no longer be
  assesible from within the bank but could be connected to from any where
  outside the bank's network.Could ping from the BorderManager proxy with
  public IP of 172.16.1.2 to the Pix private with IP of 172.16.1.1
  Moreover,a MaCafe Antivirus appliance was brought in and connected btw
  the BorderManager Proxy server and the Pix firewall with a bridged
  connection and an assigned IP address of 172.16.1.3 and 172.16.1.4 At
  this
  instance,could no longer ping the Pix 172.16.1.1, but could ping both
  interface of the MaCafe appliance.Could not also send nor receive mails
  via the mail proxy.
  I intend bringing the MaCafe appliance before the BorderManager Proxy
  and
  assign a LAN address to it since it has a bridged config,so as to isolate
  the problem of this appliance.
  I need to get the mail server running perfectly and the website
  assesible.Pls kindly help my case.
  Regards,
  Sesan.

  you need to go ask this in the support.bordermanager.install-setup
  group as this group is for the client firewall product only.
  Cheers!
  Richard Beels
  http://www.dsi-consulting.com
  Collaboration without complication

• IDS,ASA,PIX firewall monitoring and optimizing

  Dear All,
  Please let me know the products from Cisco to monitor and optimize the IDS, ASA, PIX firewall in the data centre and corporate networking environment.
  I believe that VMS 2.3 can be used.I like to know about the CS-MARS product from Cisco and its usage.
  Thanking you
  Swamy

  Hi,
  CS-MARS is a security product that mainly used to analyse, correlates and produce/recommed mitigation action based on the log analysis.
  You need to send your syslog, snmp or NetFlow to CS-MARS from all/selected network devices in the network to enable it to have visibility of the network activities. It has built-in signatures or rules that trigger incidents, and allows you can create your own rule to monitor certain segment or devices. Notification is available in the form of email, sms, pager, snmp and syslog.
  CS-MARS does not replace the function of IDS/IPS or antivirus, but as a critical security complimentary product to allow you to stop any detected malicious incidents/activities from a nearest point, e.g shutting down switch port where a PC is detected trying to launch network attack, virus or trojans. The concept more or less similar to 'Forward Defense' used by certain country today.
  http://www.cisco.com/en/US/partner/products/ps6241/products_data_sheet0900aecd80272e64.html
  CS-MARS is measured by its capabilities to handle received Event and Netflow logs per second. This include the HDD capacity. You can have single unit (Local Controller) or multiple unit that centrally managed by Global Controller.
  CS-MARS support wide range of networking and security products.
  http://www.cisco.com/en/US/partner/products/ps6241/products_device_support_tables_list.html
  Rgds,
  AK

• Picture of Pix Firewall 506E

  Our US counterpart has shipped the Pix Firewall 506E to us. I need a picture of it so that I can do a customs pre-declaration before it arrives. Could you provide me the picture.

  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/product_data_sheet09186a0080091b13.html

• Connecting VPNs using a PIX Firewall

  Hi,
  We are trying to configure a PIX firewall to connect differents VPNs on a MPLS enviroment and we have a problem when we use more than one firewall.
  With one FW all works fine, but with two or more in some situation we can have recursive routing and It doens't work.
  Do you know any way to connect differents MPLS VPNs using differents Firewalls.
  Regards.
  Enrique.

  Would appreciate if you can elaborate more on the topology and the minute details on the problem that you experience with multiple firewalls.

• Pix firewall issue

  Hello,
  I'm trying to configure some firewall rules and a nat in our pix 525 and I'm having some issue with the connection
  Here are the details:
  172.40.40.40 destination host.
  1.- I configured an ACL
  ACL test 172.80.0.0 255.255.0.0 destination 172.40.40.40
  ACL test 172.90.0.0 255.255.255.0 destination 172.40.40.40
  inside interface IP 172.20.20.20
  outside inteface IP 192.169.1.2
  interfaces inside outside (ping and icmp are allow)
  static (outside, inside) 172.40.40.40 172.40.40.40
  nat (outside)  5 access-list test
  global (inside) 5 interface
  route inside 172.40.40.40 255.255.255.255 172.30.30.30
  route outside 172.80.0.0 255.255.0.0 192.168.1.1
  route outside 172.90.0.0 255.255.0.0 192.168.1.1
  I'm trying to nat the traffic comming from the outside interface because we want to avoid interal ip conflicts, I'm seeing the hits on the ACL
  but can not telnet from 172.80.0.1 to 172.40.40.40 , there are routes and porta enable for that connection
  and my flag logs shown me SaAB from the destination host, what could be the problem?
  We can ping between the destination host and the pix inside interface and the icmp is allow in all the interfaces.

  Hello Thank you for your help, we will try to apply that command in our test .
  About our test the incoming connection from 172.90.0.0 are telnet session to 172.40.40.40
  So we are doing a PAT for those connection (172.90.0.0 PAT to 172.30.30.29) my question is that kind of scheme and configuration is supported on Pix Firewall?
  Here is the version: PIX 525
  Cisco PIX Firewall Version 6.3(5)
  This is the path
                                   MPLS                                    PIX                                              Destination HOST
  subnet 172.90.0.0/16 ---- ------------------------- ACL TEST -PAT(172.30.30.29 inside inteface) --------  172.40.40.40 port 25

• I am behind a Cisco PIX Firewall. What addresses and ports do I need to permit through to allow Firefox updates?

  I want to be able to upgrade my Firefox installations that are located behind a Cisco PIX Firewall. What are the TCP/IP addresses and ports required to be opened for updating to occur?

  This is less likely to be a firefox problem, as it appears something bad has happened to your network. Can you access the internet with other programs? Try email/ IRC/ Skype or even updating your computer.
  What operating system are you using?
  Ian.

• How Much bandwidth a PIX firewall can handle

  Hi,
  I would like to know, how much bandwidth a PIX firewall can handle. Actually one of our branch office is still having PIX firewall and we have a huge replication going on from head office to this branch.
  for temporary purpose we have upgraded the bandwidth to 50 Mbps, but I have noticed that the replication is utilizing only 40 Mbps.
  Thanks,
  Azeem

  A PIX can handle from 60 MBit/s (PIX501) up to 1,8 Gbit/s (PIX535). These are the Datasheet-values, so your real-life values will vary. For other models consult the data sheets:
  http://www.cisco.com/c/en/us/products/security/pix-500-series-security-appliances/datasheet-listing.html

• NFS protocol across the Pix firewall

  I have a Pix 515E running PixOS version 8.0.4 with two interfaces, inside and outside.
  On the inside interface, I have a Redhat Enterprise Linux 5.4 64 bits machine as an NFS server version 4 (NFSv4).
  On the outside interface, I have three (3) Redhat Enterprise Linux 5.4 64 bits as NFS clients.
  I have the following configuration on the Pix:
  static (inside,outside) 192.168.1.1 4.2.2.2 netmask 255.255.255.255
  access-list external permit icmp any any log
  access-group external in interface outside
  At the moment, none of the Linux client machines can mount a share on the NFS server because
  my ACL is too restrictive.  I would like to be able to open the firewall so that Linux client
  machines can mount the NFS server using NFS over UDP or NFS over TCP.
  I am looking for the exact UDP and TCP ports to be added to the ACL in order to accomplish
  this, from someone who have done this before.
  Anyone know how to do this?
  Thanks,

  I think I just answer my own post.  Just need to add about three lines to the configuration:
  access-list external permit tcp any host 4.2.2.2 eq 111 log
  access-list external permit udp any host 4.2.2.2 eq 111 log
  fixup protocol sunrpc 111
  Now I can mount the NFS server from my linux machines

• PDM losing connection to PIX firewall

  I'm having this problem if I login to my PIX either a PIX 501 or 506E, the PDM will lose it connection with the PIX after so many minutes. If i go to apply a change or save a config, PDM will tell me it can't communicate with the PIX. I would then have to close my web browser and open a new connection.
  I'm running PIX OS 6.3(5) and PDM 3.0(4) with IE 6, Java 1.6.0 on Windows XP
  Is there anyway to prevent this from happening??

  Hi jghiller,
  Question: should I share the 7520 on al pcs or none at all?
  The printer should not be shared from one computer to another.  Each computer can directly access the printer.
  Question: If I disable my security software firewall, should the printer be found and installed on wireless network OK?
  The firewall can cause problems, but not like they used to.  With this being a current printer, most firewalls should work fine with the printer.
  Dropping from the network:
  There are multiple possibilities.
  1. Try turning off UPnP in the printer embedded web server.  Type the IP of the printer into a web browser to access the EWS.  On the network tab, selecting Networking on the left side and then UPnP.
  2. If your router supports double width data channels, try changing the router to use single width channel.  You will need to access the EWS of the router.  Most routers will say either default or double.  There might be a number listed instead.  Try setting the router to 20Mhz channel width.
  3. Also, setting a static IP for the printer could be a good idea.  That way the printer IP won't change and possibly get lost by the computers.  This setting also appears in the printer EWS.
  Try the HP Wireless Printing Center for tips:
  http://www8.hp.com/us/en/campaigns/wireless-printing-center/overview.html
  I was an HP employee.
  Please mark the post that solves your problem as "Accepted Solution"

• IPIPGW and PIX firewall

  I am trying to make an IPIPGW accessible through a PIX 6.3(5) firewall. The H.323 ras and H225 fixups are enabled, but connections to the IPIPGW are not established; the firewall generates an error "call proceeding before setup". The workaround appears to be to disable both fixups and open >1024 ports, which is less than ideal. What generates the "call proceeding before setup" and can it be worked around on the IPIPGW; I've tried both slow- and fast-start connections.

  Hi,
  this is really an odd issue. The Q.931 sequence of call setup is:
  A SETUP --> B
  (optionally B can reply with "SETUP->ACK", or if it is an overlapped number, but this does not count for H.323)
  B CALL PROCEEDING / PROGRESS / ALERT --> A
  B CONNECT --> A
  It is very basic, but in general that is the procedure. Cisco says that a SETUP message has arrived after the CALL PROCEEDING one, which is incorrect. An H.323 (H225) debug would bring some light to the issue.
  We have a network of Cisco voice gateways, Call managers, thirf party gatekeepers and gateways, calling each other through a Cisco 6.4 PIX and it works (however we had some nasty troubles with path mtu discovery).