https://community.cisco.com/t5/network-security/pix-failure/m-p/266351#M590713 <HTML><HEAD></HEAD><BODY><P>Hello again,</P><P></P><P>Your config is good. Have you check your logg messages if there are some more detailed error messages. </P><P></P><P>logging on </P><P>logging buffer warning</P><P></P><P>Do a: </P><P>show logg </P><P>show xlate</P><P>show xlate detail</P><P></P><P>Again why are you using NAT and PAT in the same time ?</P><P></P><P>Try with just PAT:</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.100.100.0 255.255.255.0 0 0 </P><P></P><P>sincerly</P><P>Patrick</P></BODY></HTML> Thu, 19 Aug 2004 17:04:02 GMT piseli 2004-08-19T17:04:02Z https://community.cisco.com/t5/network-security/pix-failure/m-p/266350#M590707 <P>We have a PIX 506e that had been working well, then</P><P>we started having problems with NAT users getting</P><P>flaky (inconsistent) connections going out. Yesterday all NAT traffic stopped. From what I can</P><P>see I am not passing any traffic.</P><P></P><P>I can ping addresses on both interfaces and have reloaded the configuration numerous times as well as</P><P>wiping the configuration completely and reloading it</P><P>from scratch.</P><P></P><P>Any ideas?</P><P></P><P>Below is the relevant configuration:</P><P></P><P>PIX Version 6.3(1)</P><P>interface ethernet0 auto</P><P>interface ethernet1 100full</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>hostname pixfirewall</P><P>ip address outside xx.yy.zz.2 255.255.255.192</P><P>ip address inside 192.100.100.1 255.255.255.0</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>pdm history enable</P><P>global (outside) 1 xx.yy.xx.3-xx.yy.xx.20 netmask 255.255.255.192</P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.100.100.0 255.255.255.0 0 0</P><P></P> Fri, 21 Feb 2020 07:34:47 GMT https://community.cisco.com/t5/network-security/pix-failure/m-p/266350#M590707 befwguy80 2020-02-21T07:34:47Z https://community.cisco.com/t5/network-security/pix-failure/m-p/266351#M590713 <HTML><HEAD></HEAD><BODY><P>Hello again,</P><P></P><P>Your config is good. Have you check your logg messages if there are some more detailed error messages. </P><P></P><P>logging on </P><P>logging buffer warning</P><P></P><P>Do a: </P><P>show logg </P><P>show xlate</P><P>show xlate detail</P><P></P><P>Again why are you using NAT and PAT in the same time ?</P><P></P><P>Try with just PAT:</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.100.100.0 255.255.255.0 0 0 </P><P></P><P>sincerly</P><P>Patrick</P></BODY></HTML> Thu, 19 Aug 2004 17:04:02 GMT https://community.cisco.com/t5/network-security/pix-failure/m-p/266351#M590713 piseli 2004-08-19T17:04:02Z https://community.cisco.com/t5/network-security/pix-failure/m-p/266352#M590725 <HTML><HEAD></HEAD><BODY><P>Patrick,</P><P></P><P>The reason that I did NAT and PAT was (and I read this somewhere) that if I ran out of NAT addresses that the PAT addresses would take over until a NAT address was available. Is that not an efficient way to do things?</P><P></P><P>When I do a sh xlate it shows 7 in use and 7 max. NATing inside addresses to outside addresses. So, it would seem that all is setup correctly.</P><P></P><P>Any thoughts?</P><P></P></BODY></HTML> Fri, 20 Aug 2004 10:55:38 GMT https://community.cisco.com/t5/network-security/pix-failure/m-p/266352#M590725 befwguy80 2004-08-20T10:55:38Z