Alex,
Your issue seems to be with an ARP entry somewhere...
Do you have a loop somewhere? You may want to look
into clear XLATE command on the PIX, or clear ARP on a
a couple items (routers and PIX) when this accures...
If it is an ARP problem, remeber that the ARP time-out
on Cisco is 4hrs. by defualt. Atleast look at the ARP
tables along the way and see if you have any
"incomplete" ARP entries anywhere. As far as Brent's
problem goes, it sounds like his is an "all" not
"some" hosts issue.
Moe.
--- Alex Lee <[EMAIL PROTECTED]> wrote:
> Brent,
>
> I don't know whether your PIX problem is same as
> ours. But this is what is
> happening to us ......
>
> We have a PIX 515. Our PCs, printers, etc, all uses
> static public IP
> addresses. Once in a while, one of our PC users
> cannot point his internet
> browser to any URL, nor can he ping anything outside
> our subnet. The PC can
> be running Win 98, Win NT or Win 95. We work around
> this problem so far by
> changing the PC's ip address to another ip address.
> On some PCs we don't
> even need a re-boot and the computer can go out to
> internet with no problem.
> After a day or so, we change it back to its original
> ip address and it works
> with no problem. We have opened at least three cases
> with TAC and have
> upgraded our PIX software version two times but
> still cannot find a
> permanent fix. I posted our problem to the group a
> couple of days ago.
>
> If you are using static ip address on your PC maybe
> you can try to change to
> another un-used ip address, or release the current
> ip address to acquired a
> new one if you are using DHCP and see if it works.
>
> Alex Lee
>
>
>
> ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message
> 99g29m$jj7$[EMAIL PROTECTED]">news:99g29m$jj7$[EMAIL PROTECTED]...
> > nope
> >
> >
> > ""Alex Lee"" <[EMAIL PROTECTED]> wrote in
> message
> > 99g1pq$gfe$[EMAIL PROTECTED]">news:99g1pq$gfe$[EMAIL PROTECTED]...
> > > Are you able to point your web browser to any
> URL ?
> > >
> > > Alex Lee
> > >
> > >
> > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in
> message
> > > 99fuhb$tig$[EMAIL PROTECTED]">news:99fuhb$tig$[EMAIL PROTECTED]...
> > > > As i mentioned below....
> > > >
> > > > > I've also used the conduit permit icmp any
> any
> > > > > command so that i can ping in and out of the
> firewall...
> > > >
> > > > The tricky part is...i can ping from the
> internal network 192.168.1.x
> to
> > > the
> > > > router (which is through the firewall)...i
> can't ping anything past
> the
> > > > router...
> > > >
> > > >
> > > >
> > > >
> > > > ""Aidan Manning"" <[EMAIL PROTECTED]>
> wrote in message
> > > > 99ftm7$og7$[EMAIL PROTECTED]">news:99ftm7$og7$[EMAIL PROTECTED]...
> > > > > Is there firewall software running?
> > > > > If so have you rules that are disabling
> ICMP?
> > > > >
> > > > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in
> message
> > > > > 99fq63$5no$[EMAIL PROTECTED]">news:99fq63$5no$[EMAIL PROTECTED]...
> > > > > > I've got an unusual problem with my PIX
> 515.
> > > > > >
> > > > > > I've configured the inside interface
> correctly, and can ping hosts
> > on
> > > > the
> > > > > > internal network. I've configured the
> outside interface correctly
> > (as
> > > > far
> > > > > > as ip addresses go) and can ping anywhere
> on the internet.
> > > > > >
> > > > > > I've configured the router (to the
> internet) as the default route
> of
> > > the
> > > > > > pix...and the pix as the default gateway
> of the hosts on the
> > internal
> > > > > > network.
> > > > > >
> > > > > > I've also used the conduit permit icmp
> any any
> > > > > > command so that i can ping in and out of
> the firewall...
> > > > > >
> > > > > > When I try to ping anywhere on the
> internet from the firewall it
> > > > > > works...also when i try to ping the
> internal network it works...
> > > > > >
> > > > > > When i try to ping the pix from a host it
> works...when i try to
> ping
> > > the
> > > > > > router (to the internet) from a host it
> works...(meaning it goes
> > > through
> > > > > the
> > > > > > pix to the router fine)
> > > > > >
> > > > > > however, when i try to ping anywhere on
> the internet (including
> the
> > > next
> > > > > hop
> > > > > > from the router) it doesn't work...i can't
> get passed the
> > router...it
> > > > just
> > > > > > dead ends there...
> > > > > >
> > > > > > i checked to make sure that the subnet
> mask on the pix is
> > right...and
> > > > its
> > > > > > fine...
> > > > > >
> > > > > > any ideas?
> > > > > >
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Brent
> > > > > > CCNP, CCDA, MCSE, MCP+I, etc.
> > > > > >
> > > > > >
> > > > > > _________________________________
> > > > > > FAQ, list archives, and subscription info:
> > > > > http://www.groupstudy.com/list/cisco.html
> > > > > > Report misconduct and Nondisclosure
> violations to
> > [EMAIL PROTECTED]
> > > > > >
> > > > >
> > > > >
> > > > > _________________________________
> > > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > > Report misconduct and Nondisclosure
> violations to
> [EMAIL PROTECTED]
> > > > >
> > > >
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations
> to [EMAIL PROTECTED]
> > > >
> > >
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations
> to [EMAIL PROTECTED]
> > >
> >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
_____________________________________________
Moe Tavakoli
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
