Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
707
Views
0
Helpful
2
Replies

PIX NAT problems

smatting
Visitor

‎10-16-2003 08:46 AM - edited ‎02-20-2020 11:02 PM

I'm using a global NAT pool that spans 5 Class C subnets and I am NAT'ing all internal hosts to that pool. Strange behavior is that I am running out of translations, it stops handing out translations when it reaches somewhere in the area of 650 translations.

Here's my nat config:

global (outside) 1 152.157.168.1-152.157.172.254

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

What's really strange is that certain addresses are skipped as translations are handed out. It seems to be following a pattern of handing out addresses: 1,2,5,9

Any ideas?

0 Helpful
2 Replies 2

jmia
Level 11
Level 11

‎10-16-2003 09:31 AM

Scott -

Have you tried command: clear xlate, and see if you get the same problem. Also which pix ios and pix model, i.e. 501/506/515 etc.

Thanks -

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee

‎10-16-2003 10:46 AM

HI,

CAn you see how many translations are being built up.

"show xlat count"

What if some inside PC's are infected with virus/worm and sending spoofed IP packets towards/across PIX, Hence PIX is making translation for them.

try "show xlat" and find out if any IP other then your inside network is making the entry there.

Additionaly you can try the following

1- Make access-list on the inside interface to only permit your inside network to go through the PIX

2- change the nat(inside) 1 0.0.0.0 0.0.0.0 to

nat (inside) 1

3- apply "ip verfiy reverspath inside" command

4- make a PAT entry e.g. global(outside) 1 interface

Thanks

Nadeem

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card