Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1206
Views
0
Helpful
7
Replies

Clear Xlate Issue

PE-PatInBC
Level 1
Level 1

‎07-03-2006 07:06 AM - edited ‎03-09-2019 03:28 PM

I have a 515e PIX with 6.3.

About once every few weeks I get an issue where my internal clients on the inside interface cannot reach our web based services from the inside. The users that access them from the outside have no issue. If I clear xlate the issue goes away for a few weeks again.

What could cause this ? If there is no obvious reason why this is happening is it possible to script something or a way to clear the translation tables automatically at a set time like 3am ?

Thanks for any thoughts.

Labels:
0 Helpful
7 Replies 7

anand1871
Level 1
Level 1

‎07-03-2006 10:51 AM

can u post ur configs??

i think that will hjelp a lot..

i think that problems is cause ur xlate table gets filled...

You shuldt be having this problem for outside users cause u would have static natted ur servers with a public IP....thus pix would have created a permanent entry into the xlate table.....

but for inside users....the entries xlate table will be dynamic......so once the table gets filled new users will not be able to reach the server...

0 Helpful

Fernando_Meza
Level 7
Level 7

‎07-03-2006 06:06 PM

can you post the output of show timeout

0 Helpful

PE-PatInBC
Level 1
Level 1
In response to Fernando_Meza

‎07-05-2006 08:47 AM

Thanks for your responses.

----------------------------------------------------

Here are the contents of sh timeout

***-Wall# sh timeout

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

***-Wall#

--------------------------------------------------

--------------------------------------------------

The version of the PIX IOS is 6.3(4) so the I guess isn't the issue. I am curious if upgrading to 7.0 might benefit me though and is it a simple process or painful.

---------------------------------------------------

I am editing my config for posting and will get it up shortly.

Thanks again for your thoughts on this.

0 Helpful

satish77
Level 1
Level 1

‎07-04-2006 05:26 PM

If you are using PIX Version 6.2(2) perhaps bug CSCdy58717 try upgrading to PIX 6.3(x)

0 Helpful

PE-PatInBC
Level 1
Level 1
In response to satish77

‎07-05-2006 10:58 AM

Attached is my config.

aaa.bbb.ccc = IPs on the outside

111.222.333 = a 3rd party email scanning network

192.168.10.x = represents my inside network

192.168.20.x = represents my DMZ Network

Preview file
16 KB
0 Helpful

Fernando_Meza
Level 7
Level 7
In response to PE-PatInBC

‎07-05-2006 06:37 PM

hi .. you config seems OK .. what about the licensing part .. show version

You could also reduce the xlate timeout from the default 3 hours ...

I hiope it helps ... please rate if it does !!!

0 Helpful

PE-PatInBC
Level 1
Level 1
In response to Fernando_Meza

‎07-06-2006 12:22 PM

One more thing to add that may be an issue. Our external domain name is the same as the domain name for our MS Active Directory. While I a sure that our DNS is configured correctly, this may or may not be an issue.

Just thought I'd add that. Anyone with any thoughts ?

0 Helpful
Customers Also Viewed These Support Documents