Harry,
a couple of basic stuff to check....
in general, check physical layer and work your way up the OSI model (from local
to remote)
-- based on what i read, you have a lower-layer problem (because of line
protocol down - no lower layer status checks are accomplished). you will not be
able to get MAC address of NT server, therefore will not be able to ping. so
check cable! make sure it is a good cable and also make sure it is not a
cross-over cable if you are using twisted pair (in your case cable designed to
go from PIX directly to NT server -without hub in circuit). connection from NT
server to hub may still be good in this condition. Remember if you go through
hub, your line stats are between the PIX and hub - not end-to-end (PIX to NT )
other things you might check if you get line protocol up and still not able to
ping by IP address (always rule out DNS in troubleshooting connectivity
problems)
-- make sure that PIX and NT server are indeed on same LAN. in your case,
make sure you don't have a typo in the netmask if you acquired a hub that was
used by someone else, make sure hub is not segmented. if segmented then you
make sure PIX and NT boxes are one same segments.
-- if you need to have NT send packets out to other networks beyond PIX, check
default gateway in TCP/IP settings and make sure it is PIX inside address in
this case.
general comments
- either via NT server or another box, you should be able to sniff your traffic
between PIX and NT. since you have a hub and not a switch, this is quite easy.
You must have this capability if you ever hope to successfully resolve network
problems at any givein layer of the OSI model.
- read documentation on what error messages are and know the capabilities of
you hosts to debug them. cisco has a nice capability to debug problems built
into its ios. in cisco documentation, they tell you what it means when
"interface is down" or when "line protocol down". knowing ths information can
point you in right direction (e.g, lower layer protocol problem vice a routing
problem).
i hope this helps, the above is what came off the top of my head and is
considered basic network troubleshooting.
bob mcmahon, cissp
Harry Whitehouse wrote:
> The folks on this list have been most helpful with my newbee questions, but
> I need to impose with one more beginner's question.
>
> I am trying a simple experimental setup with a Cisco PIX 520. I have the
> "outside" network card talking to my public network, and I can ping network
> devices using the PIX terminal commands. The "show interfaces" command
> indicates that the outside card is up and the line protocol is up.
>
> For the "inside", I simply took one of our NT servers, set the IP address to
> 192.168.10.44, and set the IP address of the PIX inside card to
> 192.168.10.20. There is a hub between the PIX and the NT.
>
> But the inside is completely "dead". I don't see any activity lights on the
> inside PIX card. I can't ping the NT from the PIX terminal. I can't ping
> the inside PIX card from the NT. Show interfaces indicates that the inside
> card is "up", but the line protocol is down.
>
> It occurred to me that I need a separate and distinct router on this
> "inside" network (albeit the network is quite small).
>
> Is that my problem?
>
> TIA
>
> Harry
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
