pix 520 to many connection

i.elnory · ‎09-09-2001

i am having a problem which is the number of connections is growing om the pix over 300 000 connection ,the main problem that the idle connection does not be closed .

if i make clear xlate nothing happend, i must reboot the pix

j.hofman · ‎09-11-2001

What version of the PIX OS are you running? This may be a known bug.

i.elnory · ‎09-12-2001

the Version 5.1(2)207

jekrauss · ‎09-12-2001

Need just a little more information. If your show conn is showing that DNS connections are not being released, then it may be bug:CSCds02935

Here's the release note:

DESCRIPTION:

PIX versions 5.1 and above may sometimes not release the UDP DNS connections

after the DNS query has resolved.

If a client makes a DNS query through the PIX, and received the reply, the

PIX marks the connection as removable, but does not delete the connection

entry as indicated by the output of a "show conn".

EXAMPLE:

The output of a "show conn" on the PIX will show many UDP entries, all with

the D- flag set. These are entries that can be deleted, but have not been.

FIX:

This bug has been fixed in 5.1(5), 5.2(4), and 5.3(1).

HTH

Jeff

jkimble · ‎09-20-2001

Sounds like you need to change your xlate timeout settings. You might try to update the code and change the xlate time out.