Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
513
Views
0
Helpful
6
Replies

Slackers losing internet connection from the LAN

poperob123
Level 1
Level 1

‎10-10-2005 06:15 AM - edited ‎03-09-2019 12:40 PM

Hi Guys,

Having an issue with a 515(r) pix.

We are loosing connection to the internet on the internal network on a few internal hosts. These seem to belong to the slackers who are last to reach there desks in the morning..

When I clear xlate were all good again for a while.

This is going to be 1 of 2 things. Either this is the restricted version interfering but I don’t think we are hitting the 50k concurrent sessions by a long chalk.

More likely that this is a NAT / PAT issue. Mine is setup along these lines….

global (outside) 1 123.123.123.100-123.123.123.110

global (outside) 1 123.123.123.111

I cant really issue anymore external ips as the range isn’t huge.

Any thought?

Thanks in advance.

Labels:
0 Helpful
6 Replies 6

mgaysek
Level 1
Level 1

‎10-10-2005 08:57 AM

How many xlates are built at the time when you clear them? What is your xlate timer set for? What errors do you see in the log? You may want to incorporate the .111 into the other global pool.

0 Helpful

jackko
Level 7
Level 7

‎10-10-2005 05:21 PM

try applying netmask with the global commands. i guess by specifying the netmask, the pix will understand the pool is for pat, not nat.

e.g.

global (outside) 1 123.123.123.100-123.123.123.110 netmask 255.255.255.240

0 Helpful

poperob123
Level 1
Level 1
In response to jackko

‎10-11-2005 01:13 PM

I think what is happening is the xlate NAT addresses are filling up. The PAT address should then take the excess connections but isnt doing so. Xlate timeout is 3:00:00 Any more thoughts? What logging should i enable to monitor this?

Thanks again.

0 Helpful

mgaysek
Level 1
Level 1
In response to poperob123

‎10-11-2005 05:47 PM

Please post your nat and global commands. The show xlate command will show you how many transalatoins are built and if your PAT is working. What is the purpose of having two different pools.

0 Helpful

jackko
Level 7
Level 7
In response to poperob123

‎10-11-2005 06:19 PM

global (outside) 1 123.123.123.100-123.123.123.110

global (outside) 1 123.123.123.111

i agree with you that the pix should start performing pat after those 11 ip are natted.

just wondering what version is the pix running. do "sh xlate" when the issue occurs.

also timeout xlate 3:00:00 is the default and it works fine so far with all the pix i have been playing with.

0 Helpful

jackko
Level 7
Level 7
In response to jackko

‎10-19-2005 10:46 PM

just wondering how you go.

0 Helpful
Customers Also Viewed These Support Documents