Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1366
Views
0
Helpful
3
Replies

FWSM Firewall Version 3.1(10) issue

jignesh.darji
Level 1
Level 1

‎06-20-2011 11:26 PM - edited ‎03-11-2019 01:47 PM

HI EXPERTS,

I AM FACING PROBLEM WITH FWSM Firewall Version 3.1(10), HERE IIN FWSM NOT CONFIGURED STATIC, DYNAMIC NAT AT ALL, AS WELL NO NAT-CONTROL IS THERE BUT STILL I M GETING OUTPUT OF SHOW XLATE BUT ALL ARE GLOBAL TRANSLATION.

ACTUALLY THIS NOT MY PROBLEM. SOMETIME ONE TIME OR TWO TIME IN MONTH ONE OF INTERNAL SERER NOT REACHABLE IT NOT PASSING TRHOUG FIREWALL FOR OUTSIDE WORLD SIMPLY I IN FIREWALL AND TYPE clear xlate IT START NORMAL AGAIN AND WORKING FINE!!!

WHAT IS THIS YAR.!!! NOT GETTING THIS!!!

HELP ME IF U HAVE ANY IDEA EXPERTS!!!

Labels:
0 Helpful
3 Replies 3

Maykol Rojas
Cisco Employee
Cisco Employee

‎06-20-2011 11:47 PM

Hi,

Pior doing clear xlate, have you tried to check if there are any xlates buid in? Maybe is not so much of an xlate that is stuck, it may be a connection issue.

Have you take that output prior clearing the xlate table?

Mike

Mike
0 Helpful

jignesh.darji
Level 1
Level 1
In response to Maykol Rojas

‎06-21-2011 12:09 AM

Hi Maykol

Dude actually no prior nat at all i install FW and configure failover. There is no nat commnad in firewall, yes

I have Show Xlate output but as I told all are global translation

globa X.X.X.X X.X.X.X like i m getting ouput. Dude when i just type clear xlate my internal server working fine.

after some day near around one month one or two server getting unreachable error for outside world, but internally in LAN working fine, just i log in core-switch and go to FWSM and type "clear xlate" it work perfect again..!!!

xlate entries are not more then 120 around!!

This Compelet story.!! tell me what are otherstep I can do in troubleshooting or some suggestion !!!

0 Helpful

praprama
Cisco Employee
Cisco Employee
In response to jignesh.darji

‎06-29-2011 01:13 PM

Hi Jignesh,

You are seeing those xlates on the FWSM instead of having no nat due to the fact the way FWS works by default. Frankly, i have seen such issues in the past.

Is it just one server that is always affected or are they different hosts affected at different times? Have you taken a look at the output of show xlate det to see if there is any wrong xlate entry formed due to some route flaps in the network?

I would suggest collecting the outputs of show xlate detail and show conn detail when the issue happens next before performing a clear xlate so we can see what is going on.

Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card