02-26-2014 11:04 AM - edited 03-11-2019 08:50 PM
I know the PIX-515 has been off support since 2007, but there is, still, one integrated into our network. At times, it stops forwarding or responding to PAT traffic directed to an internal server on port 80 (www). Nothing else on the device is impacted and it is fixed by clearing the translation table (Clear XLAT). Is there a better fix than to constantly clear this table?
03-03-2014 08:29 AM
Hi,
Clearly there is an issue with either the connection or the translation. I would run a packet-tracer at the time of the issue and get the logs. We need to narrow it down a bit more.
Let me know
03-03-2014 09:29 AM
Greetings Jon.
I bet the problem is the lack of RAM for addressing the whole dynamic translation table in memory, so connection tracking is getting corrupted and then NAT stops doing its task.
When you do clear xlate, the table goes to null and it can then address new connections.
Check how many open connections you had on your PIX before it stops working, and then, before and after clear xlate, check how much RAM was in use and compare.
If your PIX has less than 128MB, just buy some 128MB PC 133MHz SDRAM memory and install it...
That's my idea.
Have a great day and rate if this helps you.
03-03-2014 10:59 AM
I bet not. A port redirection is a static translation. If you do a show xlate prior to sending traffic, the xlate is there, no matter what happens. If anything should be failing, it would be the dynamic translations, not the static ones, and this is not the case.
Bet if it was your guess, all dynamic translations should be failing.
Mike