PIX 515e Unrestricted Weird Issue

Status
Not open for further replies.

acollard83

OK, we have a weird issue after implementing a PIX 515e. Some sites time out. For instance, when posting on Tek-Tips, I can enter all the details into the message, but when I hit submit, I get a connection reset error in Firefox. IE doesn't give an error other than an error. This started happening after the PIX was installed. It is not in the budget to go to an ASA, so we are stuck with the PIX. I can upload the current config. We need the PIX to host VPNs for our CallManager. This is something I haven't seen before and can't figure it out. Any help would be appreciated.


PIX Version 7.1(2)
!
hostname PIX515
domain-name ustransport.local
enable password XXX encrypted
names
!
interface Ethernet0
description Comcast
speed 100
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Ethernet2
shutdown
nameif intf2
security-level 4
no ip address
!
interface Ethernet3
shutdown
nameif intf3
security-level 6
no ip address
!
interface Ethernet4
shutdown
nameif intf4
security-level 8
no ip address
!
interface Ethernet5
shutdown
nameif intf5
security-level 10
no ip address
!
passwd XXX encrypted
boot system flash:/image.bin
ftp mode passive
dns server-group DefaultDNS
domain-name ustransport.local
access-list acl_outside extended permit icmp any any echo
access-list acl_outside extended permit icmp any any echo-reply
access-list acl_outside extended permit udp any any eq 10014
access-list acl_outside extended permit udp any any eq 10013
access-list acl_outside extended permit udp any any eq 10012
access-list acl_outside extended permit udp any any eq 10011
access-list acl_outside extended permit udp any any eq 10010
access-list acl_outside extended permit udp any any eq 10009
access-list acl_outside extended permit udp any any eq 10008
access-list acl_outside extended permit udp any any eq 10007
access-list acl_outside extended permit udp any any eq 10006
access-list acl_outside extended permit udp any any eq 10005
access-list acl_outside extended permit udp any any eq 10004
access-list acl_outside extended permit udp any any eq 10003
access-list acl_outside extended permit udp any any eq 10002
access-list acl_outside extended permit udp any any eq 5004
access-list acl_outside extended permit udp any any eq 10000
access-list acl_outside extended permit tcp any any eq sip
access-list acl_outside extended permit udp any any eq sip
access-list acl_outside extended permit tcp any any eq 3389
access-list acl_outside extended permit tcp any any eq www
access-list acl_outside extended permit tcp any any eq https
access-list acl_outside extended permit tcp any any eq 1433
access-list acl_outside extended permit udp any any eq 1433
access-list acl_outside extended permit tcp any any eq smtp
access-list acl_outside extended permit tcp any any eq 465
access-list NO-NAT extended permit ip 192.168.2.0 255.255.255.0 10.22.0.0 255.255.0.0
access-list EZVPN1 extended permit ip 192.168.2.0 255.255.255.0 10.22.1.0 255.255.255.0
access-list EZVPN2 extended permit ip 192.168.2.0 255.255.255.0 10.22.2.0 255.255.255.0
access-list EZVPN3 extended permit ip 192.168.2.0 255.255.255.0 10.22.3.0 255.255.255.0
access-list EZVPN4 extended permit ip 192.168.2.0 255.255.255.0 10.22.4.0 255.255.255.0
access-list EZVPN5 extended permit ip 192.168.2.0 255.255.255.0 10.22.5.0 255.255.255.0
access-list EZVPN6 extended permit ip 192.168.2.0 255.255.255.0 10.22.6.0 255.255.255.0
access-list EZVPN7 extended permit ip 192.168.2.0 255.255.255.0 10.22.7.0 255.255.255.0
access-list EZVPN8 extended permit ip 192.168.2.0 255.255.255.0 10.22.8.0 255.255.255.0
access-list EZVPN9 extended permit ip 192.168.2.0 255.255.255.0 10.22.9.0 255.255.255.0
access-list EZVPN10 extended permit ip 192.168.2.0 255.255.255.0 10.22.10.0 255.255.255.0
access-list EZVPN11 extended permit ip 192.168.2.0 255.255.255.0 10.22.11.0 255.255.255.0
access-list EZVPN12 extended permit ip 192.168.2.0 255.255.255.0 10.22.12.0 255.255.255.0
access-list EZVPN13 extended permit ip 192.168.2.0 255.255.255.0 10.22.13.0 255.255.255.0
access-list EZVPN14 extended permit ip 192.168.2.0 255.255.255.0 10.22.14.0 255.255.255.0
access-list EZVPN15 extended permit ip 192.168.2.0 255.255.255.0 10.22.15.0 255.255.255.0
pager lines 24
logging enable
logging buffer-size 1000000
logging monitor notifications
logging buffered debugging
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
no failover
icmp permit any outside
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list NO-NAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) udp interface 10014 192.168.2.21 10014 netmask 255.255.255.255
static (inside,outside) udp interface 10013 192.168.2.21 10013 netmask 255.255.255.255
static (inside,outside) udp interface 10012 192.168.2.21 10012 netmask 255.255.255.255
static (inside,outside) udp interface 10011 192.168.2.21 10011 netmask 255.255.255.255
static (inside,outside) udp interface 10010 192.168.2.21 10010 netmask 255.255.255.255
static (inside,outside) udp interface 10009 192.168.2.21 10009 netmask 255.255.255.255
static (inside,outside) udp interface 10008 192.168.2.21 10008 netmask 255.255.255.255
static (inside,outside) udp interface 10007 192.168.2.21 10007 netmask 255.255.255.255
static (inside,outside) udp interface 10006 192.168.2.21 10006 netmask 255.255.255.255
static (inside,outside) udp interface 10005 192.168.2.21 10005 netmask 255.255.255.255
static (inside,outside) udp interface 10004 192.168.2.21 10004 netmask 255.255.255.255
static (inside,outside) udp interface 10003 192.168.2.21 10003 netmask 255.255.255.255
static (inside,outside) udp interface 10002 192.168.2.21 10002 netmask 255.255.255.255
static (inside,outside) udp interface 5004 192.168.2.21 5004 netmask 255.255.255.255
static (inside,outside) udp interface 10000 192.168.2.21 10001 netmask 255.255.255.255
static (inside,outside) tcp interface sip 192.168.2.21 sip netmask 255.255.255.255
static (inside,outside) udp interface sip 192.168.2.21 sip netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.2.11 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 255.255.255.255
static (inside,outside) tcp interface https 192.168.2.11 https netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.2.12 1433 netmask 255.255.255.255
static (inside,outside) udp interface 1433 192.168.2.12 1433 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.2.10 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 465 192.168.2.10 465 netmask 255.255.255.255
access-group acl_outside in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy EZVPN6 internal
group-policy EZVPN6 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN6
nem enable
group-policy EZVPN7 internal
group-policy EZVPN7 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN7
nem enable
group-policy EZVPN4 internal
group-policy EZVPN4 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN4
nem enable
group-policy EZVPN14 internal
group-policy EZVPN14 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN14
nem enable
group-policy EZVPN5 internal
group-policy EZVPN5 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN5
nem enable
group-policy EZVPN15 internal
group-policy EZVPN15 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN15
nem enable
group-policy EZVPN2 internal
group-policy EZVPN2 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN2
nem enable
group-policy EZVPN12 internal
group-policy EZVPN12 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN12
nem enable
group-policy EZVPN3 internal
group-policy EZVPN3 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN3
nem enable
group-policy EZVPN13 internal
group-policy EZVPN13 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN13
nem enable
group-policy EZVPN10 internal
group-policy EZVPN10 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN10
nem enable
group-policy EZVPN1 internal
group-policy EZVPN1 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN1
nem enable
group-policy EZVPN11 internal
group-policy EZVPN11 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN11
nem enable
group-policy EZVPN8 internal
group-policy EZVPN8 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN8
nem enable
group-policy EZVPN9 internal
group-policy EZVPN9 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN9
nem enable
username EZVPN6 password XXX encrypted
username EZVPN7 password XXX encrypted
username EZVPN4 password XXX encrypted
username EZVPN14 password XXX encrypted
username EZVPN5 password XXX encrypted
username EZVPN15 password XXX encrypted
username EZVPN2 password XXX encrypted
username EZVPN12 password XXX encrypted
username EZVPN3 password XXX encrypted
username EZVPN13 password XXX encrypted
username EZVPN10 password XXX encrypted
username EZVPN1 password XXX encrypted
username EZVPN11 password XXX encrypted
username EZVPN8 password XXX encrypted
username EZVPN9 password XXX encrypted
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set 3DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map DYNMAP 5 set transform-set 3DES-MD5
crypto map VPN 10 ipsec-isakmp dynamic DYNMAP
crypto map VPN interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
tunnel-group EZVPN1 type ipsec-ra
tunnel-group EZVPN1 general-attributes
default-group-policy EZVPN1
tunnel-group EZVPN1 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN2 type ipsec-ra
tunnel-group EZVPN2 general-attributes
default-group-policy EZVPN2
tunnel-group EZVPN2 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN3 type ipsec-ra
tunnel-group EZVPN3 general-attributes
default-group-policy EZVPN3
tunnel-group EZVPN3 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN4 type ipsec-ra
tunnel-group EZVPN4 general-attributes
default-group-policy EZVPN4
tunnel-group EZVPN4 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN5 type ipsec-ra
tunnel-group EZVPN5 general-attributes
default-group-policy EZVPN5
tunnel-group EZVPN5 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN6 type ipsec-ra
tunnel-group EZVPN6 general-attributes
default-group-policy EZVPN6
tunnel-group EZVPN6 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN7 type ipsec-ra
tunnel-group EZVPN7 general-attributes
default-group-policy EZVPN7
tunnel-group EZVPN7 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN8 type ipsec-ra
tunnel-group EZVPN8 general-attributes
default-group-policy EZVPN8
tunnel-group EZVPN8 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN9 type ipsec-ra
tunnel-group EZVPN9 general-attributes
default-group-policy EZVPN9
tunnel-group EZVPN9 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN10 type ipsec-ra
tunnel-group EZVPN10 general-attributes
default-group-policy EZVPN10
tunnel-group EZVPN10 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN11 type ipsec-ra
tunnel-group EZVPN11 general-attributes
default-group-policy EZVPN11
tunnel-group EZVPN11 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN12 type ipsec-ra
tunnel-group EZVPN12 general-attributes
default-group-policy EZVPN12
tunnel-group EZVPN12 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN13 type ipsec-ra
tunnel-group EZVPN13 general-attributes
default-group-policy EZVPN13
tunnel-group EZVPN13 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN14 type ipsec-ra
tunnel-group EZVPN14 general-attributes
default-group-policy EZVPN14
tunnel-group EZVPN14 ipsec-attributes
pre-shared-key *
tunnel-group EZVPN15 type ipsec-ra
tunnel-group EZVPN15 general-attributes
default-group-policy EZVPN15
tunnel-group EZVPN15 ipsec-attributes
pre-shared-key *
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.2.100-192.168.2.254 inside
dhcpd dns 192.168.2.10 207.179.70.27
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd domain ustransport.local
dhcpd option 150 ip 192.168.2.20
dhcpd enable inside
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:099310356b21a94009beaf5530e2b3ff
 
This issue has been resolved. We upgraded to 8.0(3) and that resolved the issue.
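
Separate from the reset problem, an added example (not part of the original posts): a short Python audit run over lines copied from the configuration above, flagging settings a reviewer would question on an Internet-facing firewall. The function name `audit_pix_config`, the rule names and the `SENSITIVE` port list are assumptions of this example.

```python
import re

# Excerpt of the configuration posted above (lines copied from the post).
SAMPLE = """\
access-list acl_outside extended permit tcp any any eq 3389
access-list acl_outside extended permit tcp any any eq https
access-list acl_outside extended permit tcp any any eq 1433
static (inside,outside) tcp interface 3389 192.168.2.11 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.2.12 1433 netmask 255.255.255.255
snmp-server community public
crypto ipsec transform-set 3DES-MD5 esp-des esp-md5-hmac
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
"""

# Ports this example treats as administrative or database services (assumption).
SENSITIVE = {"3389": "RDP", "1433": "MS SQL"}

def audit_pix_config(text):
    """Return (rule, line) findings; the rule names are this example's own."""
    findings = []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # Inside hosts published by a static port forward: (proto, outside port) -> host.
    forwards = {}
    for l in lines:
        m = re.match(r"static \(inside,outside\) (tcp|udp) interface (\S+) (\S+) (\S+) netmask", l)
        if m:
            forwards[(m.group(1), m.group(2))] = m.group(3)
    for l in lines:
        # Inbound permit from any source to a sensitive port that is actually forwarded.
        m = re.match(r"access-list \S+ extended permit (tcp|udp) any any eq (\S+)$", l)
        if m and m.group(2) in SENSITIVE and (m.group(1), m.group(2)) in forwards:
            findings.append(("any-source-" + SENSITIVE[m.group(2)].lower().replace(" ", "-"), l))
        # Transform set whose name promises 3DES but whose cipher list lacks esp-3des.
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", l)
        if m and "3DES" in m.group(1).upper() and "esp-3des" not in m.group(2).split():
            findings.append(("transform-set-name-mismatch", l))
        if l == "snmp-server community public":
            findings.append(("default-snmp-community", l))
        if re.match(r"telnet \d", l):  # an address follows: cleartext management is enabled
            findings.append(("telnet-management", l))
        if l == "ssh 0.0.0.0 0.0.0.0 outside":
            findings.append(("ssh-from-any-outside", l))
    return findings

if __name__ == "__main__":
    for rule, line in audit_pix_config(SAMPLE):
        print(f"{rule:30} {line}")
```
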
 