Checking Addressing

As with any IP device, unless basic IP addressing and operation are configured correctly and working, none of your PIX firewall troubleshooting efforts regarding routing, access lists, and translation will matter. This point cannot be overstressed: Addressing must be correct in order for the PIX firewall to function. Figure 10.10 shows PIX1 and PIX2 connected to each other.

www.syngress.com

572 Chapter 10 • Troubleshooting and Performance Monitoring

In the figure, there is an addressing problem on the LAN connecting the two firewalls (which is labeled DMZ in the configuration). For starters, PIX1 has a subnet mask of /30, while FW2 has a mask of /29 for the DMZ network (192.168.99.0), a common network between them. This is confirmed using the show ip address command on both firewalls. Notice the differences highlighted in the command output shown in Figure 10.11.

Figure 10.11 IP Address Configuration

PIX1# show ip address
System IP Addresses:
ip address outside 192.168.99.5 255.255.255.252
ip address DMZ 192.168.99.1 255.255.255.252
Current IP Addresses:
ip address outside 192.168.99.5 255.255.255.252
ip address DMZ 192.168.99.1 255.255.255.252

PIX2# show ip address
System IP Addresses:
ip address outside 192.168.99.9 255.255.255.252
ip address DMZ 192.168.99.2 255.255.255.248
Current IP Addresses:
ip address outside 192.168.99.9 255.255.255.252
ip address DMZ 192.168.99.2 255.255.255.248

The fix here is simply to correct the mask on PIX2. As on Cisco routers, the show interface command can also be used to check addressing on your PIX firewall, as shown in Figure 10.12.

Figure 10.10 IP Addressing Problem

[Diagram: RTR1 connects to PIX1 over 192.168.99.4/30 and to PIX2 over 192.168.99.8/30. On the DMZ LAN between the firewalls, PIX1 is 192.168.99.1/30 and PIX2 is 192.168.99.2/29.]

Figure 10.12 Address Verification Using the show interface Command

PIX1# show interface
interface ethernet0 "DMZ" is up, line protocol is up
Hardware is i82559 ethernet, address is 0008.e317.ba6b
IP address 192.168.99.1, subnet mask 255.255.255.252
MTU 1500 bytes, BW 100000 Kbit half duplex
2 packets input, 258 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
11 packets output, 170 bytes, 0 underruns, 0 unicast rpf drops
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/1)
output queue (curr/max blocks): hardware (0/2) software (0/1)

Regardless of the method you use, verify that all interface IP addresses are correct before proceeding any further in your troubleshooting efforts. Incorrect addressing will prevent advanced features of the PIX firewall from working, even if you configure them correctly. After all, all traffic must pass through at least two interfaces, and the interfaces must be addressed correctly.
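The address check described above can be scripted against saved show ip address output. The following is an added example, not code from the book: it parses the "Current IP Addresses" lines from Figure 10.11 (embedded as constructed sample input), flags the mask mismatch on the shared DMZ segment, and also reports any interface networks that overlap as a side effect of the wrong mask. The helper names parse_current and audit are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the "Current IP Addresses" lines from Figure 10.11.
# Helper names (parse_current, audit) are hypothetical, not from the book.
SHOW_IP = {
    "PIX1": """Current IP Addresses:
ip address outside 192.168.99.5 255.255.255.252
ip address DMZ 192.168.99.1 255.255.255.252""",
    "PIX2": """Current IP Addresses:
ip address outside 192.168.99.9 255.255.255.252
ip address DMZ 192.168.99.2 255.255.255.248""",
}

LINE = re.compile(r"^\s*ip address (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$")

def parse_current(text):
    """Return {interface_name: IPv4Interface} from the 'Current IP Addresses' section."""
    section = text.split("Current IP Addresses:", 1)[-1]
    found = {}
    for line in section.splitlines():
        m = LINE.match(line)
        if m:
            name, addr, mask = m.groups()
            found[name] = ipaddress.ip_interface(f"{addr}/{mask}")
    return found

def audit(show_ip, shared):
    """Check the shared segment for mask mismatches, then all interfaces for overlaps."""
    parsed = {fw: parse_current(out) for fw, out in show_ip.items()}
    findings = []
    peers = [(fw, ifs[shared]) for fw, ifs in parsed.items() if shared in ifs]
    for i, (fw_a, a) in enumerate(peers):
        for fw_b, b in peers[i + 1:]:
            if a.network != b.network:
                findings.append(f"{shared}: {fw_a} {a} vs {fw_b} {b}: mask/network mismatch")
    flat = [(fw, n, i) for fw, ifs in parsed.items() for n, i in ifs.items()]
    for k, (fw_a, n_a, a) in enumerate(flat):
        for fw_b, n_b, b in flat[k + 1:]:
            if (n_a, n_b) != (shared, shared) and a.network.overlaps(b.network):
                findings.append(f"overlap: {fw_a} {n_a} {a.network} and {fw_b} {n_b} {b.network}")
    return findings

if __name__ == "__main__":
    for finding in audit(SHOW_IP, "DMZ"):
        print(finding)
```

With the /29 mask, PIX2 treats 192.168.99.0 through 192.168.99.7 as directly connected on its DMZ interface, which includes PIX1's outside network 192.168.99.4/30; correcting the mask to 255.255.255.252 clears both findings.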