Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1734
Views
0
Helpful
2
Replies

Clearing xlate on PIX

mike-banks
Level 1
Level 1

‎10-31-2001 07:39 AM - edited ‎02-20-2020 09:53 PM

I have a PIX 515 version 4.4(1). Recently, I have been having a problem where either a host is unable to establish a outbound connection through the firewall or certain protocols for host computers cannot go out through the firewall. To resolve the problem I have to clear the xlate. This problem is now occurring about once a week. Any suggestions would be appreciated. Thanks, Mike

0 Helpful
2 Replies 2

jbaigorr
Level 1
Level 1

‎10-31-2001 11:05 PM

How long are you timeout values for tcp, udp, etc...?

You might be filling up your translation table with alot of idle connections. Typically for TCP you want to have timeout value of 10 min and UDP for 2 min.

The show xlate and the show conn will help to see how many idle connections you have.

I hope this helps.

Gonzalo

0 Helpful

robert.hyde
Level 1
Level 1

‎11-01-2001 09:43 AM

An extremely large project that I have been working with has a PIX that exhibited symptoms similar to what you are describing, but a different variation. As a result, we opened a case with Cisco TAC, and I have collected a fair amount of data on this broad type of behavior with corruption of the xlate table. There was a case opened a little over a year ago which matches pretty closely to what you are seeing, and it was not resolved until they upgraded to 4.4(4). So if adjusting the config does not seem to make a difference, I would certainly recommend an upgrade. In their case, they were never able to find a specific cause or bug id, but after that upgrade it never happened again.

Good luck!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card