veneficuss
OK - this one is a little confusing. On the outside of the PIX, we do have 2 FTP servers. We are going to put these into a DMZ when our PIX gets upgraded. I believe that they are sending out UDP 137/138 broadcasts, which are showing up in the SH XLATE table, sometimes completely clogging all available translations. I do not understand why the PIX (running version 6.1) is translating an outside address to another outside address - it seems illogical to me. Look at the sample outputs below and PLEASE let me know if you have seen this before.
------------------------------------------------------
xxx.yyy.zzz.___ represents the outside IP address on the pix (a class c)
---------------------------------------------------------
Here is a sample from "SH XLATE" :
Global xxx.yyy.zzz.42 Local xxx.yyy.zzz.43 nconns 0 econns 0 flags -
Global xxx.yyy.zzz.41 Local xxx.yyy.zzz.42 nconns 0 econns 0 flags -
Global xxx.yyy.zzz.40 Local xxx.yyy.zzz.41 nconns 0 econns 0 flags -
-----------------------------------------------------------
Here is a sample from the "SH CONN" :
UDP out xxx.yyy.zzz.255:137 in xxx.yyy.zzz.43:137 idle 0:01:30 flags -
UDP out xxx.yyy.zzz.255:137 in xxx.yyy.zzz.42:137 idle 0:01:30 flags -
UDP out xxx.yyy.zzz.255:137 in xxx.yyy.zzz.41:137 idle 0:01:30 flags -
UDP out xxx.yyy.zzz.255:137 in xxx.yyy.zzz.40:137 idle 0:01:30 flags -
UDP out xxx.yyy.zzz.255:137 in xxx.yyy.zzz.39:137 idle 0:01:30 flags -
---------------------------------------------------------
Is it possible that these FTP servers are causing this? It looks like a UDP 137/138 broadcast. Why is it being translated and taking up valuable XLATE addresses? Tomorrow I am going to attempt to make the servers stop their UDP broadcasts and see if that changes anything. I would much appreciate your input.
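An added example, not from the post or from Cisco: a small Python parser for the two outputs above that flags the pattern the poster describes (UDP 137/138 connections to the outside subnet's broadcast address, and xlate entries whose Global and Local addresses both sit in the outside subnet). The addresses are constructed; 192.0.2.0/24 stands in for the poster's redacted class C.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the redacted "sh xlate" / "sh conn" output in the post;
# 192.0.2.0/24 stands in for the poster's outside class C, .255 is its broadcast address.
SH_XLATE = """\
Global 192.0.2.42 Local 192.0.2.43 nconns 0 econns 0 flags -
Global 192.0.2.41 Local 192.0.2.42 nconns 0 econns 0 flags -
Global 192.0.2.40 Local 192.0.2.41 nconns 0 econns 0 flags -
"""
SH_CONN = """\
UDP out 192.0.2.255:137 in 192.0.2.43:137 idle 0:01:30 flags -
UDP out 192.0.2.255:137 in 192.0.2.42:137 idle 0:01:30 flags -
UDP out 192.0.2.255:138 in 192.0.2.41:138 idle 0:01:30 flags -
UDP out 192.0.2.255:137 in 192.0.2.40:137 idle 0:01:30 flags -
TCP out 198.51.100.7:21 in 10.1.1.5:1045 idle 0:00:10 flags UIO
"""
XLATE_RE = re.compile(r"Global (\S+) Local (\S+) nconns (\d+)")
CONN_RE = re.compile(r"(\w+) out (\S+):(\d+) in (\S+):(\d+)")
NETBIOS_PORTS = {137, 138}

def parse_xlate(text):
    """Return (global, local, nconns) tuples from 'show xlate' output."""
    return [(g, l, int(n)) for g, l, n in XLATE_RE.findall(text)]

def parse_conn(text):
    """Return (proto, dst_ip, dst_port, src_ip, src_port) tuples from 'show conn' output."""
    return [(p, o, int(op), i, int(ip)) for p, o, op, i, ip in CONN_RE.findall(text)]

def netbios_broadcast_conns(conns, outside_net):
    """UDP 137/138 connections whose destination is the outside subnet's broadcast address."""
    bcast = str(ip_network(outside_net).broadcast_address)
    return [c for c in conns
            if c[0] == "UDP" and c[2] in NETBIOS_PORTS and c[1] == bcast]

def outside_to_outside_xlates(xlates, outside_net):
    """Xlates whose Global and Local addresses both lie in the outside subnet (the odd case)."""
    net = ip_network(outside_net)
    return [x for x in xlates
            if ip_address(x[0]) in net and ip_address(x[1]) in net]

def xlates_held_by_broadcasts(xlates, conns, outside_net):
    """Xlate slots whose Local address is the source of a NetBIOS broadcast conn."""
    talkers = {c[3] for c in netbios_broadcast_conns(conns, outside_net)}
    return [x for x in xlates if x[1] in talkers]

if __name__ == "__main__":
    xl, cn = parse_xlate(SH_XLATE), parse_conn(SH_CONN)
    print(len(xlates_held_by_broadcasts(xl, cn, "192.0.2.0/24")), "xlate slots held by NetBIOS broadcasts")
```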