Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problem with XLATE (May be)Or TCP Conn

Status
Not open for further replies.
Liaquat

Liaquat

Technical User
Dec 20, 2003
24
US
Hello Everyone,
We have a web server that sits in DMZ.Its configured with a static:
static (Dmz,outside)X.X.X.X 192.168.15.7 0 0
Recently we started getting calls for Web site being down every two
or three days.For troubleshooting I used the clear Xlate global
X.X.X.X command and the page was back up.
My question is that we haven't added anything in th DMZ nor that we
have changed anything except for the fact that web site was updated.
What can I do to troubleshoot and resolve the problem.What could be
causing this...We are using 6.2(2)on a 525.
Q2:Clear Xlate only clears the Translations right or more?How about
TCP connections?

regards,

Liaquat
 
Sort by date Sort by votes
As far as i can remember both connections and xlats are cleared, since you can't have a connection with an xlate, so if the xlate is cleared so must the connection be.

Maybe your webserver is not up-to-date performance wise ? can you access the webserver from the inside when these customer call and say it is down from their point of view ?

Jan

Network Systems Engineer
CCNA/CQS/CCSP
 
Upvote 0 Downvote
Most probably your problem is due to the number of connections reached to the maximum. This is why when you clear the connnections/xlate things are getting back to normal. Pls check the static command for the web server to see whether there is any maximum connections or embryonic value is mentioned. If it is there increase it to higher number. It may be looking like this..

static (inside,outside) x.x.x.x y.y.y.y w z

where w and z are the maximum conn & embroynic value.

regrds
illyas

BS,CNE,MCSE,CCNA,SCSA
 
Upvote 0 Downvote
There is no maximum conn value or the embroynic value.They are both set to 0 0.Is it possible when my inside addresses go for this one specific web server in DMZ they dont actually get translated.That will solve the problem but I am not sure on how to actually exclude a transalation for one address in DMZ coming from Inside.

Thanks so much for your help!I have actually called this into Cisco but so far no luck.

Liaquat
 
Upvote 0 Downvote
Yes, your inside traffic is not using that static, it is only usable from the outside interface. if you could post your entire config (excl. passwords and other vital official ips of course) we could be more helpful.

Also do a "show conn" when this thing occurs, if there is way to many connections, do a "show conn count" and see if you think that the number of conns are way to high for the pix.

Jan

Network Systems Engineer
CCNA/CQS/CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
800
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
659
Johnkite
Johnkite
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
495
Nitta84
Nitta84
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
169
ISDPCMAN
ISDPCMAN
Ailuin
  • Locked
  • Question
Best Residential proxy provider.
Replies
1
Views
734
AvivBes
AvivBes

Part and Inventory Search

Sponsor

Back
Top