Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
416
Views
0
Helpful
2
Replies

PIX Xlate hangs sessions

damomann
Level 1
Level 1

‎03-17-2003 12:32 AM - edited ‎02-20-2020 10:37 PM

Hi,

This problem still persists after 3 days and only users for this perticular network goes out of browsing.

We have implemented PIX with the following configuration.We have a 3

inside networks mapped with 2 different public IP pools 203.125.152.0/26 and

203.125.150.0/24.Problem is the inside network 10.0.0.0/17(10.0.0.0 subnet

mask 255.255.128.0) is not able to go to internet after a certain period of

time ( 2 or 3 days).

Any idea where the problem is..thanks..

172.0.0.0/8

10.0.0.0/8

10.0.0.0/17

Here are the details.

pixfirewall# sh global

global (outside) 1 203.125.152.194-203.125.152.236 netmask 255.255.255.192

global (outside) 4 203.125.150.1-203.125.150.126 netmask 255.255.255.128

global (outside) 2 203.125.152.244 netmask 255.255.255.192

global (outside) 3 203.125.152.248 netmask 255.255.255.192

global (outside) 1 203.125.152.193 netmask 255.255.255.192

global (outside) 4 203.125.150.249 netmask 255.255.255.128

global (dmz) 1 172.16.13.11-172.16.13.20 netmask 255.255.255.0

global (dmz) 2 172.16.13.51-172.16.13.60 netmask 255.255.255.0

global (dmz) 3 172.16.13.61-172.16.13.70 netmask 255.255.255.0

global (dmz) 4 172.16.13.71-172.16.13.80 netmask 255.255.255.0

global (dmz) 1 172.16.13.10 netmask 255.255.255.0

global (dmz) 2 172.16.13.9 netmask 255.255.255.0

global (dmz) 3 172.16.13.8 netmask 255.255.255.0

global (dmz) 4 172.16.13.6 netmask 255.255.255.0

pixfirewall# sh nat

nat (inside) 2 172.16.1.115 255.255.255.255 0 0

nat (inside) 3 172.16.11.76 255.255.255.255 0 0

nat (inside) 3 172.16.11.80 255.255.255.255 0 0

nat (inside) 3 172.16.11.84 255.255.255.255 0 0

nat (inside) 2 172.16.11.224 255.255.255.240 0 0

nat (inside) 4 10.0.0.0 255.255.128.0 0 0

nat (inside) 1 10.0.0.0 255.0.0.0 0 0

nat (inside) 1 172.0.0.0 255.0.0.0 0 0

nat (dmz) 1 172.16.13.0 255.255.255.0 0 0

pixfirewall# sh xlate

Global 203.125.152.220 Local 172.16.11.71

Global 203.125.152.221 Local 172.16.11.149

Global 172.16.13.11 Local 172.16.11.139

PAT Global 203.125.152.193(52641) Local 172.16.11.57(1155)

Global 203.125.152.222 Local 172.16.11.120

Global 203.125.152.223 Local 172.16.152.37

Global 203.125.152.216 Local 172.17.1.94

Global 203.125.152.217 Local 172.16.1.20

Global 203.125.152.218 Local 172.16.5.20

Global 172.16.13.12 Local 172.16.1.205

Global 203.125.152.219 Local 172.16.11.139

Global 172.16.13.13 Local 172.16.154.75

Global 203.125.152.212 Local 172.16.11.194

Global 203.125.152.213 Local 172.17.11.91

Global 203.125.152.214 Local 172.17.1.91

Global 203.125.152.215 Local 172.16.5.78

Global 203.125.152.208 Local 172.16.1.22

Global 203.125.152.209 Local 172.16.5.15

Global 203.125.152.210 Local 172.16.151.75

Global 203.125.152.211 Local 172.17.1.23

Global 203.125.152.204 Local 172.16.5.79

Global 203.125.152.205 Local 172.16.5.13

PAT Global 203.125.152.193(52640) Local 172.16.11.57(1154)

Global 203.125.152.206 Local 172.18.1.22

Global 203.125.152.207 Local 172.18.1.104

Global 203.125.152.200 Local 172.16.11.192

Global 203.125.152.201 Local 172.18.1.24

Global 203.125.152.203 Local 172.16.5.17

PAT Global 172.16.13.6(43713) Local 10.0.12.137(12875)

Global 203.125.152.203 Local 172.16.151.72

Global 203.125.152.196 Local 172.16.5.21

Global 203.125.152.197 Local 10.120.10.51

Global 172.16.13.19 Local 172.18.1.254

Global 203.125.152.198 Local 172.17.1.93

Global 203.125.152.199 Local 172.16.11.186

Global 203.125.150.193 Local 172.16.206.30 static

PAT Global 203.125.152.244(21827) Local 172.16.11.233(4493)

PAT Global 203.125.152.244(21811) Local 172.16.11.233(4480)

Global 203.125.152.194 Local 172.16.5.18

Global 172.16.13.20 Local 172.17.1.110

Global 203.125.152.195 Local 172.16.5.14

Global 203.125.150.252 Local 172.16.1.40 static

Global 203.125.152.252 Local 172.16.13.21 static

Global 172.16.13.42 Local 172.18.1.22 static

Global 172.16.13.43 Local 172.17.1.21 static

PAT Global 203.125.152.193(52643) Local 172.16.11.57(1158)

Global 172.16.13.40 Local 172.16.11.21 static

Global 172.16.13.41 Local 172.16.206.21 static

Global 203.125.150.249 Local 172.16.13.27 static

Global 203.125.152.249 Local 172.16.13.23 static

Global 172.16.13.47 Local 10.160.10.53 static

Global 203.125.152.250 Local 172.16.1.41 static

Global 203.125.150.250 Local 172.16.1.24 static

PAT Global 172.16.13.6(43714) Local 10.0.12.140(14384)

Global 172.16.13.44 Local 172.16.152.21 static

Global 203.125.152.251 Local 172.16.13.22 static

Global 172.16.13.45 Local 10.160.10.51 static

Global 203.125.152.245 Local 10.160.10.51 static

Global 203.125.152.246 Local 172.16.13.26 static

Global 203.125.152.247 Local 172.16.13.25 static

Global 203.125.152.240 Local 10.160.10.52 static

Global 203.125.152.241 Local 172.16.18.51 static

PAT Global 203.125.152.244(22080) Local 172.16.11.229(1026)

PAT Global 203.125.152.244(21856) Local 172.16.11.224(1473)

Global 203.125.152.242 Local 172.16.206.31 static

Global 203.125.152.243 Local 172.16.206.21 static

Global 203.125.152.236 Local 172.16.1.25

PAT Global 203.125.152.193(52642) Local 172.16.11.57(1157)

PAT Global 203.125.152.193(52626) Local 172.16.11.57(1135)

Global 203.125.152.232 Local 172.16.155.85

Global 203.125.152.233 Local 172.17.1.21

Global 203.125.152.234 Local 172.16.5.75

PAT Global 172.16.13.6(43715) Local 10.0.12.142(14931)

Global 203.125.152.235 Local 172.17.1.92

Global 203.125.152.228 Local 172.16.11.124

Global 203.125.152.229 Local 172.16.1.26

Global 203.125.152.230 Local 172.16.5.80

Global 203.125.152.231 Local 172.16.11.21

Global 203.125.152.224 Local 172.16.5.16

Global 203.125.152.225 Local 172.16.11.196

PAT Global 203.125.152.244(22081) Local 172.16.11.233(4546)

Global 203.125.152.226 Local 172.16.1.102

Global 203.125.152.227 Local 172.16.152.32

Global 172.16.13.74 Local 10.0.12.76

Global 172.16.13.75 Local 10.0.12.80

PAT Global 203.125.152.193(52645) Local 172.16.11.57(1160)

PAT Global 203.125.152.193(52629) Local 172.16.11.57(1138)

Global 172.16.13.72 Local 10.0.12.71

Global 172.16.13.73 Local 10.0.12.73

Global 172.16.13.78 Local 10.0.12.83

Global 172.16.13.79 Local 10.0.12.67

PAT Global 172.16.13.6(43716) Local 10.0.12.143(3744)

Global 172.16.13.76 Local 10.0.11.242

Global 172.16.13.77 Local 10.0.12.82

PAT Global 203.125.152.244(22054) Local 172.16.11.224(1675)

Global 172.16.13.71 Local 10.0.12.70

PAT Global 203.125.152.193(52644) Local 172.16.11.57(1159)

PAT Global 172.16.13.6(43717) Local 10.0.12.144(50265)

Global 203.135.39.36 Local 172.16.1.34 static

Global 203.135.39.37 Local 172.16.1.32 static

Global 172.16.13.80 Local 10.0.12.69

PAT Global 203.125.152.193(52647) Local 172.16.11.57(1162)

PAT Global 203.125.152.193(52631) Local 172.16.11.57(1140)

PAT Global 203.125.152.193(52646) Local 172.16.11.57(1161)

PAT Global 203.125.152.193(52630) Local 172.16.11.57(1139)

PAT Global 203.125.152.248(50501) Local 172.16.11.76(1030)

PAT Global 203.125.152.193(52649) Local 172.16.11.57(1164)

PAT Global 203.125.152.193(52633) Local 172.16.11.57(1143)

PAT Global 203.125.152.193(52648) Local 172.16.11.57(1163)

PAT Global 203.125.152.193(52632) Local 172.16.11.57(1141)

PAT Global 203.125.152.193(52651) Local 172.16.11.57(1167)

PAT Global 203.125.152.193(52635) Local 172.16.11.57(1148)

PAT Global 203.125.152.193(52603) Local 172.18.1.100(1912)

PAT Global 203.125.152.193(52491) Local 172.16.11.206(1047)

Global 203.135.6.212 Local 172.16.1.31 static

Global 203.135.6.214 Local 172.16.1.205 static

Global 203.135.6.215 Local 172.16.1.50 static

Global 203.135.6.211 Local 172.16.1.64 static

PAT Global 203.125.152.193(52650) Local 172.16.11.57(1165)

PAT Global 203.125.152.193(52634) Local 172.16.11.57(1145)

PAT Global 203.125.152.193(52618) Local 172.16.11.57(1126)

PAT Global 203.125.152.193(52653) Local 172.16.11.57(1170)

PAT Global 203.125.152.193(52637) Local 172.16.11.57(1150)

Global 203.125.150.31 Local 10.0.12.139

PAT Global 203.125.152.193(52652) Local 172.16.11.57(1168)

PAT Global 203.125.152.193(52636) Local 172.16.11.57(1149)

PAT Global 203.125.152.244(22079) Local 172.16.11.233(4544)

PAT Global 203.125.152.193(52655) Local 172.16.11.57(1172)

PAT Global 203.125.152.193(52639) Local 172.16.11.57(1152)

PAT Global 203.125.152.193(52654) Local 172.16.11.57(1171)

PAT Global 203.125.152.193(52638) Local 172.16.11.57(1151)

pixfirewall#

0 Helpful
2 Replies 2

thomas.chen
Level 6
Level 6

‎03-21-2003 09:35 AM

The cause could be rise in traffic flow in your network which can make the PIX hang, Do check if you have enough memory.

If the Show version does not clearly show the flash available in the pix use the following URL

http://www.cisco.com/warp/customer/110/pixfaq.shtml#Q22.

0 Helpful

damomann
Level 1
Level 1
In response to thomas.chen

‎03-23-2003 07:08 AM

Thnks for the URL, I can match the Flash and Mem, that is 16MB flash and 128 MB of RAM,Flash binary is just upgraded to pix611.bin from pi528.bin and free mem is 112MB.Yet the fear is there after the IOS Upgrade.

Waiting for next advice if other than "To wait for"...:)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card