[TriLUG] PIX 502 vs MAC?

[Ryan Leathers]

Brian,

If you do a sh xlate do you see entries for your IP address ?
If not, then consider problems outside the PIX.
If so, then clear the xlate table and the arp cache on the PIX and try 
again.

Good luck

Brian Henning wrote:

>Hi Guys,
>   I recenlty swapped out two network cards in my 
>mail/intranet/file/whatever server.  Same IPs assigned to them as 
>before, and all LAN connectivity works perfectly.  Problem is, I can't 
>get any traffic to or from it across my PIX 502 firewall.  From within 
>the firewall's admin interface I can ping the server, and I can ping the
>
>firewall from the server, but it seemingly steadfastly refuses to pass 
>any traffic outside from that server.  I can't get DNS resolutions, I 
>can't ping IPs outside our network (connect: Network unreachable), and 
>my static address translations in the PIX to that IP no longer seem to 
>work.  (Statics to other hosts on our LAN continue to function normally)
>
>I wouldn't be at all surprised if the PIX is balking at the fact that a 
>particular IP's MAC address changed.  Seems like the sort of thing it 
>could possibly see as bad, especially if the IP in question were the 
>target of one or more static translations.  Especially since that's 
>exactly where the problem appears to be.
>
>So am I right?  Has my PIX flagged that IP as "enemy" somehow because 
>its MAC changed?  And if so, how do I get it to undo that?  I've cleared
>
>the ARP cache for that IP, but that didn't help.  I know some tasks on 
>the PIX can be pretty convoluted, so I wouldn't be surprised if I were 
>missing something.
>
>By the way, here's what I've tried latest:
>
>- remove all static translations to the IP in question (192.168.1.125)
>- no arp inside 192.168.1.125
>- re-add all static translations to 192.168.1.125
>
>No joy yet.
>
>Thanks for all your input!
>
>Regards,
>~Brian
>  
>