Joe,
If you are using NAT 0 you need to have a static translation enabled. Otherwise, when the machine first comes up it ARPs, which creates an xlate entry on the PIX which times out when the inactivity timer runs out. This causes behavior similar to what you are experiencing.
Scott C. McGrath
On Mon, 28 Jun 2004, Greg Schwimer wrote:
Some things you can look into:
firewall interface(10.10.1.122/30). ip route 192.168.5.0 255.255.255.0 10.10.1.124
Is the firewall interface 10.10.1.122, or is it 10.10.1.124? 10.10.1.122 is a host address in the 10.10.1.120/30 subnet. 10.10.1.124 is a /30 network. Either way, you're dealing with two different subnets. Oddly, it's working sometimes.
At the very beginning all systems work fine. After some time they said they could not access their email/web/dns server from hosts outside their company's network... We restart (shut; no shut) the fastethernet interface on the Catalyst4006, and then the servers' network access recovered.
Sounds suspiciously like an IP conflict or some MAC weirdness with the firewall's or 4006's IP. Is the connection between the 4006 and the customer's firewall a basic crossover, or does the customer have a hub/switch on their side? Assuming the subnetting statement I've made above is based on erroneous info, check your arp cache/mac table when it *is* working. Write down the MAC for the customer's firewall. When it stops working, check the arp cache/mac table again. Compare the MACs to be sure they're the same. Just for giggles, clear the arp cache and see if that fixes it. If that doesn't, clear the entry from the cam table.
Good luck...
Greg Schwimer
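The two checks suggested in this thread, as an added example that is not part of the original messages: it tests whether a static route's next hop is a usable host in the connected subnet, and diffs two `show arp` captures taken while the link works and after it fails. The function names, interface name and MAC addresses are constructed for illustration.

```python
import ipaddress
import re

def check_next_hop(interface_cidr, next_hop):
    """Classify a static route's next hop against the connected subnet."""
    net = ipaddress.ip_interface(interface_cidr).network
    hop = ipaddress.ip_address(next_hop)
    if hop not in net:
        return f"outside {net}"
    if net.prefixlen < 31:  # /31 and /32 have no reserved addresses
        if hop == net.network_address:
            return f"network address of {net}"
        if hop == net.broadcast_address:
            return f"broadcast address of {net}"
    return "ok"

# Matches resolved rows of IOS "show arp" output; "Incomplete" rows do not match.
ARP_ROW = re.compile(
    r"^Internet[ \t]+(\S+)[ \t]+\S+[ \t]+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\b",
    re.I | re.M)

def parse_arp(text):
    """Map IP address -> MAC address for every resolved ARP entry."""
    return {ip: mac.lower() for ip, mac in ARP_ROW.findall(text)}

def changed_macs(working, broken):
    """Return {ip: (mac_when_working, mac_when_broken_or_None)} for each change."""
    before, after = parse_arp(working), parse_arp(broken)
    return {ip: (mac, after.get(ip))
            for ip, mac in before.items() if after.get(ip) != mac}

# Constructed captures: the firewall's IP answers from a different MAC once broken.
ARP_WORKING = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.121             -   0009.1111.aaaa  ARPA   FastEthernet3/1
Internet  10.10.1.122            12   0007.2222.bbbb  ARPA   FastEthernet3/1
"""
ARP_BROKEN = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.121             -   0009.1111.aaaa  ARPA   FastEthernet3/1
Internet  10.10.1.122             0   0010.3333.cccc  ARPA   FastEthernet3/1
"""

if __name__ == "__main__":
    # Addresses as quoted in the thread: interface 10.10.1.122/30, next hop 10.10.1.124
    print(check_next_hop("10.10.1.122/30", "10.10.1.124"))
    print(changed_macs(ARP_WORKING, ARP_BROKEN))
```

An entry that shows as `Incomplete` in the second capture is reported with `None` as its new MAC, which separates "no ARP reply at all" from "a different device is answering".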