Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX Behind Sonic Firewall

Status
Not open for further replies.

daidem77

MIS
Nov 30, 2005
43
CA
I have a 515E pix and I can't seem to ping outside of it's inside interface to any host and host can't ping the inside interface of the pix. A Sonicwall is used as the gateway in the network right now. I am in the process of replacing it. The pix inside interface works fine if I directly connect it to a host. Any thoughts?
 
pix----sonic----LAN

Is the set-up like the above?
Can the LAN ping the inside of the sonic?
Can the LAN ping the outside of the sonic?
What do the subnets and routes look like?

 
Thank you for the reply. I think the problem is with the Primary Failover PIX. Though I can assign it an ip address it does not have a mac address. When I debug arp I could see all the arp messages reaching the inside interface but it does not populate the arp table. The secondery firewall has an MAC address with the inside interface and works fine. Host can ping the firewall interface. This is what I posted again here. I am trying to break my head to get this going.

I have posted several posts here and tried to get a ping response from my PIX515E. I spent several hours with TAC and still no answer. Today I just discovered that my MAC address shows ffff.ffff.ffff. My silly question is that is this some security issue on the 515E?? I have another 515E here and it has a valid MAC address? Could this be a hardware issue? Is the MAC address have to be set statically? Any help would be appricated.

Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address ffff.ffff.ffff, MTU 1500
IP address 172.20.1.1, subnet mask 255.255.0.0
81242 packets input, 6874367 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
52 packets output, 4497 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
 
daidem77,
Who is the active firewall? Did you issue this command in the config
failover mac address mif_name act_mac stn_mac
?







Brent
Systems Engineer / Consultant
CCNP, CCSP
 
The interface output I have displayed is the active (Primary) firewall. I have not connected them together yet. I want to get the two firewalls with their ip address. I am able to set the ip and communicate from the secondary (Standby) pix. It also has mac address. But the Primarry does not have a mac address. Where should I issue that command? Primary or the Standby?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top