PIX failure...

befwguy80
Level 1

We have a PIX 506e that had been working well, then we started having problems with NAT users getting flaky (inconsistent) connections going out. Yesterday all NAT traffic stopped. From what I can see I am not passing any traffic.

I can ping addresses on both interfaces and have reloaded the configuration numerous times as well as wiping the configuration completely and reloading it from scratch.

Any ideas?

Below is the relevant configuration:

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname pixfirewall

ip address outside xx.yy.zz.2 255.255.255.192

ip address inside 192.100.100.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

global (outside) 1 xx.yy.xx.3-xx.yy.xx.20 netmask 255.255.255.192

global (outside) 1 interface

nat (inside) 1 192.100.100.0 255.255.255.0 0 0

2 Replies

piseli
Level 1

Hello again,

Your config is good. Have you checked your log messages to see if there are some more detailed error messages?

logging on

logging buffer warning

Do a:

show logg

show xlate

show xlate detail

Again, why are you using NAT and PAT at the same time?

Try with just PAT:

global (outside) 1 interface

nat (inside) 1 192.100.100.0 255.255.255.0 0 0

Sincerely,

Patrick

Patrick,

The reason that I did NAT and PAT was (and I read this somewhere) that if I ran out of NAT addresses that the PAT addresses would take over until a NAT address was available. Is that not an efficient way to do things?

When I do a sh xlate it shows 7 in use and 7 max. NATing inside addresses to outside addresses. So, it would seem that all is set up correctly.

Any thoughts?
