Hi Sagar,
You may not be able to clear xlate and get this error message "Unable to clear all xlates within five seconds limit".
This is certainly a DOS attack from your internal network.
Kindly get your internal hosts scanned for sasser and blaster worm which makes hundreds of connection per second on tcp ports 445 and 135 resp. resulting in exhaustion of connection table.
The output of:
show cpu usage
would also show you high cpu utilization.
Even show mem would show that you are running on low memory.
The only remedy is to reboot the Pix at this time and once you are back up, you would be able to do a clear xlate and also to apply access-lists to block these ports and open the rest.
These ports can be tracked from the output of:
show conn
The access-lists would be something like this:
access-list in-to-out deny tcp any any eq 445
access-list in-to-out deny tcp any any eq 135
access-list in-to-out permit ip any any
access-group in-to-out in interface inside
The above access-lists are constructed assuming that there are no access-lists already on inside interface.
If you have any queries, feel free to e-mail me directly at: rpathani@cisco.com
Warm Regards,
Rahul Pathania.
