North American Network Operators Group


RE: Strange behavior of Catalyst4006

  • From: Scott McGrath
  • Date: Tue Jun 29 09:06:58 2004

Joe,

If you are using NAT 0 you need to have a static translation enabled.
Otherwise, when the machine first comes up it ARPs, which creates an xlate
entry on the PIX that times out when the inactivity timer runs out.

This causes behavior similar to what you are experiencing.




                            Scott C. McGrath

On Mon, 28 Jun 2004, Greg Schwimer wrote:

>
>
>  Some things you can look into:
>
> > firewall interface(10.10.1.122/30).
> > ip route 192.168.5.0 255.255.255.0 10.10.1.124
>
> Is the firewall interface 10.10.1.122, or is it 10.10.1.124?
> 10.10.1.122 is a host address in the 10.10.1.120/30 subnet.
> 10.10.1.124 is a /30 network.  Either way, you're dealing with two
> different subnets.  Oddly, it's working sometimes.
>
>
> > At the very beginning all systems worked fine. After some time they said they could not access their email/web/DNS
> > server from hosts outside their company's network... We restarted (shut; no shut) the FastEthernet interface on the Catalyst4006,
> > and then the servers' network access recovered.
> >
>
> Sounds suspiciously like an IP conflict or some MAC weirdness with the
> firewall's or 4006's IP.  Is the connection between the 4006 and the
> customer's firewall a basic crossover, or does the customer have a
> hub/switch on their side?  Assuming the subnetting statement I've made
> above is based on erroneous info, check your arp cache/mac table when
> it *is* working.  Write down the MAC for the customer's firewall.  When
> it stops working, check the arp cache/mac table again.  Compare the
> MACs to be sure they're the same.  Just for giggles, clear the arp
> cache and see if that fixes it.  If that doesn't, clear the entry from
> the cam table.
>
> Good luck...
>
> Greg Schwimer
>
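
Added example, not part of either poster's message: a Python sketch of the two checks discussed in this thread, namely whether the route's next hop is a usable host in the firewall interface's /30, and whether the firewall's MAC differs between an ARP snapshot taken while the link works and one taken when it fails. The `show ip arp` text and MAC addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

def next_hop_problem(cidr, next_hop):
    """Return why next_hop is unusable within the subnet of cidr, or None if it is fine."""
    net = ipaddress.ip_interface(cidr).network
    hop = ipaddress.ip_address(next_hop)
    if hop not in net:
        return f"{hop} is outside {net}"
    if hop in (net.network_address, net.broadcast_address):
        return f"{hop} is the network/broadcast address of {net}"
    return None

# Matches resolved entries only; "Incomplete" entries do not match and parse as missing.
ARP_LINE = re.compile(
    r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s", re.I)

def parse_arp(text):
    """Map IP -> MAC from 'show ip arp' style output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def mac_changes(before, after):
    """Return {ip: (old_mac, new_mac_or_None)} for entries that changed or vanished."""
    b, a = parse_arp(before), parse_arp(after)
    return {ip: (b[ip], a.get(ip)) for ip in b if a.get(ip) != b[ip]}

# Constructed sample snapshots (addresses from the thread, MACs invented).
WORKING = """Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  10.10.1.121         -  0009.1111.aaaa  ARPA  FastEthernet3/1
Internet  10.10.1.122         5  0003.2222.bbbb  ARPA  FastEthernet3/1
"""
FAILING = """Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  10.10.1.121         -  0009.1111.aaaa  ARPA  FastEthernet3/1
Internet  10.10.1.122         0  0003.2222.cccc  ARPA  FastEthernet3/1
"""

if __name__ == "__main__":
    print(next_hop_problem("10.10.1.122/30", "10.10.1.124"))
    print(mac_changes(WORKING, FAILING))
```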