cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
952
Views
5
Helpful
5
Replies

PIX 525: Users being denied access to outside internet randomly

jim_mayfield
Level 1
Level 1

Several times a week I am having to clear the xlate table to allow certain users the ability to surf the internet. This happens at different times of the day to different people every time. User can surf the intranet just fine but once they try to get out on the internet they get a "page can't be displayed" in their browser. Also getting input errors as well as overruns on my outside interface, which I have swapped the pix, the switch it's connected to and the cabling. None of this has stopped my errors from going up and I have even downgraded the code from 7.2 to 7.1 and the issue is still happening.

5 Replies 5

excession
Level 1
Level 1

How often does this problem occur? I would start by checking the connection and translate timeout values "show timeouts".

You could also do the following:

clear asp drop

clear counters

Save the output of the following:

"show tech"

"show asp drop"

"show blocks"

"show memory"

"show resource usage"

"show cpu usage"

Wait until the problem occurs and save the output of the same commands.

You can use this information to see if you are running into a resource problem.

As well as interface overruns I would also watch for LOW counts of zero in "show blocks" indicating dropping of packets due to block memory exhaustion, high memory usage, high cpu usage, connection limit being reached under "show resource usage". See if you see flow drops and drops due to resource problems in "show asp drop"

Your email said it all. You're using

Early Deployment (ED) code which is very

unstable. It is ED. Very likely that it

is a bug. Try version 6.3(5) which is

GD and see if the problem goes away.

Downgrade from 7.2 to 7.1 didn't help you

right? you downgraded from one ED to another

ED.

just to mention it: 7.0.7 is also GD - after 2 years of pix os version 7 :-)

The problem occurs two or three times a week to a handful of people. The times it happens can't be planned. Thanks for the commands, there are a couple I haven't tried yet.

btw. having problems with 7.2.3 as well:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe6fa6

so maybe it is really better to go with GD.

have fun,

juergen

Review Cisco Networking for a $25 gift card