%PIX-3-201002: Too many connections on xlate

[Zelandakh]

I keep getting the message:

%PIX-3-201002: Too many connections on xlate <public IP>

in my pixsyslog file. Around the same time, Internet surfing drops to a crawl. The public IP is set as IP outside <public IP> and we all go out through a proxy set as :

nat (inside) 1 192.168.0.1 255.255.255.255 1000 200

Running a Pix 501R 6.01.

Anyone got any ideas how to resolve?

 

[dino11]

You can see how many current connections you have by doing a &quot;sho conn count&quot;. You may want to try to up your number of allowed embryonic connections to a thousand.

nat (inside) 1 192.168.0.1 255.255.255.255 1000 1000

 

[Zelandakh]

result of sho conn count is:

97 in use, 2302 most used


Is it a timeout issue where the connections are not being dropped quickly enough? Looks like my connections timeout is set to 1 hour? (I'm using the PDM).

I'll change the embryonic to 1000 - many thanks for that suggestion.

 

[yizhar]

HI.

How many internal hosts?

You should remember that each host generates many connections. For example browsing a web page generates a connection for each image on the site + the html itself.

You should also try to monitor and check the activity - a virus on one or few hosts can make many connections.
If some hosts are running a file sharing program via the proxy server they can also use resrouces.

By using the &quot;show conn&quot; command you can look for connections that stay for long time.
Using syslog messages at level 6 can also help you track the traffic.



Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar