we are using static internal ips...i'll give changing the ip a try...but i
dunno if it'll work...the internal hosts can still ping the router (which
must go through the pix) just fine...just can't get passed the router...
perhaps its a problem with the version of PIX i'm running...i bought it
brand new...but in the box is version 4.4...didn't get a support contract
with it....
your problem sounds almost like an arp timeout problem....like its set too
high...but thats not possible if you are using static public ip
addresses...i suppose you've tried clearing the arp entries in the
router/pix/hosts by now...
Brent
""Alex Lee"" <[EMAIL PROTECTED]> wrote in message
99g4bq$voq$[EMAIL PROTECTED]">news:99g4bq$voq$[EMAIL PROTECTED]...
> Brent,
>
> I don't know whether your PIX problem is same as ours. But this is what is
> happening to us ......
>
> We have a PIX 515. Our PCs, printers, etc, all uses static public IP
> addresses. Once in a while, one of our PC users cannot point his internet
> browser to any URL, nor can he ping anything outside our subnet. The PC
can
> be running Win 98, Win NT or Win 95. We work around this problem so far by
> changing the PC's ip address to another ip address. On some PCs we don't
> even need a re-boot and the computer can go out to internet with no
problem.
> After a day or so, we change it back to its original ip address and it
works
> with no problem. We have opened at least three cases with TAC and have
> upgraded our PIX software version two times but still cannot find a
> permanent fix. I posted our problem to the group a couple of days ago.
>
> If you are using static ip address on your PC maybe you can try to change
to
> another un-used ip address, or release the current ip address to acquired
a
> new one if you are using DHCP and see if it works.
>
> Alex Lee
>
>
>
> ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message
> 99g29m$jj7$[EMAIL PROTECTED]">news:99g29m$jj7$[EMAIL PROTECTED]...
> > nope
> >
> >
> > ""Alex Lee"" <[EMAIL PROTECTED]> wrote in message
> > 99g1pq$gfe$[EMAIL PROTECTED]">news:99g1pq$gfe$[EMAIL PROTECTED]...
> > > Are you able to point your web browser to any URL ?
> > >
> > > Alex Lee
> > >
> > >
> > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message
> > > 99fuhb$tig$[EMAIL PROTECTED]">news:99fuhb$tig$[EMAIL PROTECTED]...
> > > > As i mentioned below....
> > > >
> > > > > I've also used the conduit permit icmp any any
> > > > > command so that i can ping in and out of the firewall...
> > > >
> > > > The tricky part is...i can ping from the internal network
192.168.1.x
> to
> > > the
> > > > router (which is through the firewall)...i can't ping anything past
> the
> > > > router...
> > > >
> > > >
> > > >
> > > >
> > > > ""Aidan Manning"" <[EMAIL PROTECTED]> wrote in message
> > > > 99ftm7$og7$[EMAIL PROTECTED]">news:99ftm7$og7$[EMAIL PROTECTED]...
> > > > > Is there firewall software running?
> > > > > If so have you rules that are disabling ICMP?
> > > > >
> > > > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message
> > > > > 99fq63$5no$[EMAIL PROTECTED]">news:99fq63$5no$[EMAIL PROTECTED]...
> > > > > > I've got an unusual problem with my PIX 515.
> > > > > >
> > > > > > I've configured the inside interface correctly, and can ping
hosts
> > on
> > > > the
> > > > > > internal network. I've configured the outside interface
correctly
> > (as
> > > > far
> > > > > > as ip addresses go) and can ping anywhere on the internet.
> > > > > >
> > > > > > I've configured the router (to the internet) as the default
route
> of
> > > the
> > > > > > pix...and the pix as the default gateway of the hosts on the
> > internal
> > > > > > network.
> > > > > >
> > > > > > I've also used the conduit permit icmp any any
> > > > > > command so that i can ping in and out of the firewall...
> > > > > >
> > > > > > When I try to ping anywhere on the internet from the firewall it
> > > > > > works...also when i try to ping the internal network it works...
> > > > > >
> > > > > > When i try to ping the pix from a host it works...when i try to
> ping
> > > the
> > > > > > router (to the internet) from a host it works...(meaning it goes
> > > through
> > > > > the
> > > > > > pix to the router fine)
> > > > > >
> > > > > > however, when i try to ping anywhere on the internet (including
> the
> > > next
> > > > > hop
> > > > > > from the router) it doesn't work...i can't get passed the
> > router...it
> > > > just
> > > > > > dead ends there...
> > > > > >
> > > > > > i checked to make sure that the subnet mask on the pix is
> > right...and
> > > > its
> > > > > > fine...
> > > > > >
> > > > > > any ideas?
> > > > > >
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Brent
> > > > > > CCNP, CCDA, MCSE, MCP+I, etc.
> > > > > >
> > > > > >
> > > > > > _________________________________
> > > > > > FAQ, list archives, and subscription info:
> > > > > http://www.groupstudy.com/list/cisco.html
> > > > > > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> > > > > >
> > > > >
> > > > >
> > > > > _________________________________
> > > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> > > > >
> > > >
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> > > >
> > >
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
