
Clearing Xlate

Status
Not open for further replies.

lost4life

IS-IT--Management
Jul 2, 2003
33
US
We have about 100 users on the inside interface of a PIX 525. Everyone is able to get to the Internet, then someone will come to me saying they cannot pop mail or browse the web. I can ping all the computers on the inside but cannot ping outside. Once I clear the xlate of the firewall, they are able to connect without a problem. Everything will be working fine for a while, then the same thing happens. I have dropped the xlate timeout to 30 min, but that does not resolve the issue. For a test I had an end user who could not get online wait an hour (the xlate is supposed to time out after 30 min) and they still could not connect. I had to manually clear the xlate before they could. I have to find a solution for this soon. Please help.
 
I have set up a syslog server. When an end user cannot connect, I am seeing SYN timeout for that user. What could cause SYN/ACK to time out for certain users but not the whole network?
 
What SW version are you running? It might be a software bug. Also, are you using one IP address in your global statement or a range? If you use a range it will only do one-to-one NAT and not PAT, which will cause problems for you if you have many users and not that many IPs in your global statement.

Jan
 
I am currently running version 5.3(2). I have increased the number of IP addresses for the global pool to 20 (only have about 80 end users) and I have another IP set up for PAT. It is not happening as much as it used to (no problems today yet). Now when it happens I issue the following: cl xlate local IPADDRESS and the problem is fixed.
 
Sounds a lot like an old PIX bug in the 5.3 software. You should really upgrade the PIX; also, there are a few security bugs in 5.3 and lower.

Jan
 