Slackers losing internet connection from the LAN

poperob123
Level 1

Hi Guys,

Having an issue with a 515(r) pix.

We are losing connection to the internet on the internal network on a few internal hosts. These seem to belong to the slackers who are last to reach their desks in the morning.

When I clear xlate we're all good again for a while.

This is going to be 1 of 2 things. Either this is the restricted version interfering but I don’t think we are hitting the 50k concurrent sessions by a long chalk.

More likely that this is a NAT / PAT issue. Mine is set up along these lines…

global (outside) 1 123.123.123.100-123.123.123.110

global (outside) 1 123.123.123.111

I can't really issue any more external IPs as the range isn't huge.

Any thoughts?

Thanks in advance.

6 Replies

mgaysek
Level 1

How many xlates are built at the time when you clear them? What is your xlate timer set for? What errors do you see in the log? You may want to incorporate the .111 into the other global pool.

jackko
Level 7

try applying netmask with the global commands. i guess by specifying the netmask, the pix will understand the pool is for pat, not nat.

e.g.

global (outside) 1 123.123.123.100-123.123.123.110 netmask 255.255.255.240

I think what is happening is the xlate NAT addresses are filling up. The PAT address should then take the excess connections but isn't doing so. Xlate timeout is 3:00:00. Any more thoughts? What logging should I enable to monitor this?

Thanks again.

Please post your nat and global commands. The show xlate command will show you how many translations are built and if your PAT is working. What is the purpose of having two different pools?

global (outside) 1 123.123.123.100-123.123.123.110

global (outside) 1 123.123.123.111

i agree with you that the pix should start performing pat after those 11 ip are natted.

just wondering what version is the pix running. do "sh xlate" when the issue occurs.

also timeout xlate 3:00:00 is the default and it works fine so far with all the pix i have been playing with.

just wondering how you go.
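
One way to run the check the replies ask for, as an added example that is not part of any post in this thread: the script parses saved `show xlate` output and reports whether the 11-address NAT pool is full and whether any translations are using the PAT address. The line format is an assumption modelled on PIX 6.x output, and the sample output and inside addresses are constructed.

```python
import ipaddress
import re

# Assumed line shapes, modelled on PIX 6.x "show xlate" output:
#   Global 123.123.123.100 Local 192.168.1.10
#   PAT Global 123.123.123.111(1024) Local 192.168.1.30(3012)
ENTRY = re.compile(r"^(PAT )?Global (\d+\.\d+\.\d+\.\d+)(?:\(\d+\))? Local (\d+\.\d+\.\d+\.\d+)")

def pool_addresses(first, last):
    """Expand an inclusive global range into a set of address strings."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return {str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)}

def summarize(xlate_text, nat_first, nat_last, pat_ip):
    """Report NAT pool usage and whether the PAT address carries any translations."""
    pool = pool_addresses(nat_first, nat_last)
    nat_used, pat_hosts = set(), set()
    for line in xlate_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header ("N in use, M most used") or unrelated line
        is_pat, global_ip, local_ip = m.groups()
        if is_pat and global_ip == pat_ip:
            pat_hosts.add(local_ip)
        elif not is_pat and global_ip in pool:
            nat_used.add(global_ip)
    exhausted = nat_used == pool
    return {
        "nat_used": len(nat_used),
        "nat_size": len(pool),
        "nat_exhausted": exhausted,
        "pat_hosts": len(pat_hosts),
        # The symptom in this thread: pool full, yet nothing overflows to PAT.
        "pat_not_taking_overflow": exhausted and not pat_hosts,
    }

def constructed_sample(with_pat):
    """Constructed output: 11 one-to-one NAT entries, optionally 2 PAT entries."""
    lines = ["%d in use, %d most used" % ((13, 13) if with_pat else (11, 11))]
    lines += ["Global 123.123.123.%d Local 192.168.1.%d" % (100 + i, 10 + i) for i in range(11)]
    if with_pat:
        lines += ["PAT Global 123.123.123.111(%d) Local 192.168.1.%d(3012)" % (1024 + i, 30 + i)
                  for i in range(2)]
    return "\n".join(lines)

if __name__ == "__main__":
    for with_pat in (False, True):
        print(summarize(constructed_sample(with_pat),
                        "123.123.123.100", "123.123.123.110", "123.123.123.111"))
```

Capture the output at the moment hosts lose connectivity, before running clear xlate, so the counts reflect the failing state.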