I‘ve been running the Cisco PIX 501 for a good couple of years.  Cisco no longer manufacturers or supports the 501 unless you or your company has loads of cash laying around to buy extended maintenance and support.  However, the 501 is still and incredible router/firewall and to this day does a superior job of routing and controlling traffic.

I ran into some issues with the PIX I was using as it only had a license for 10-users installed.  I have approximately 20 devices on home network, ranging from PCs to IP enabled camera devices to Apple iPhones.  When the PIX reaches its 10 user limit it will block traffic from any additional devices and holds the translations for 3 hours.  That locks out any additional inside IP addresses from accessing the Internet until the XLATE table entry expires or is manually cleared by issuing the “clear xlate” command from an admin telnet or SSH session. In order to solve this issue, I found a PIX 501 with an unlimited user license and replacing my original 501.

After copying my configuration files over, and installing the hardware into my network, I found that the PIX would not pass traffic.  I could put the original PIX back into place and everything began to work normal again.  Assuming I messed up the config during the copy, I went back and checked my steps, re-copied the config and again, no traffic would pass.  This became very frustrating quickly and eventually, I gave up for the day.

The next day I resumed troubleshooting with no luck.  I knew my config was right, and assumed the PIX must be faulty.  In order to test that theory I plugged my notebook directly into the outside interface of the PIX 501 and assigned it the IP address of Verizon’s default gateway.  I was quite surprised when traffic started flowing normally.  The next step I followed was to plug my notebook directly into the Verizon FiOS uplink and set the IP of my notebook, to the IP I use for the PIX itself.  Pinging once again failed.  I plugged the original PIX back into the Verizon uplink and like magic I was talking on the Internet once again.

At this point, I was completely beside myself with frustration.  I waited about an hour and called Verizon FiOS technical support and explained the situation.  The first level technician had no idea what I was talking about and said I needed to purchase a Verizon Actiontec router to be supported.  I told him that I was paying for a Business class FiOS connection and not a residential gateway service and that I expected to receive support regardless of which router or firewall I chose to use on my end.  At which point he transferred me to a manager, or so he told me.  What he actually did was transfer me to Level 3 support.

Once again I explained my issue to the Verizon technician who said “We have a 2 hour ARP Cache on all FiOS connections.  Simply disconnect your old PIX and wait two hours and it will clear on its own.”  I asked him to login to his router and clear the cache immediately, to which he replied “We don’t have access to do that.”  You have to love Verizon support. Right?
Bottom line: I unplugged the original 501, installed my new 501 and started a continuous ping to www.google.com.  After waiting and watching at exactly 1 hr, 59 minutes and 52 seconds, the pings started getting through.  Verizon FiOS (and supposedly DSL too) has an ARP Cache which takes 2 hours to expire.

I’d really like someone at Verizon to explain to me why in the world they do something so retarded and their first level techs are not informed that you are a bunch of retards

Share this on your favorite social network:

Hide Sites