Unpredictable network connection

mlabuguen · ‎07-21-2003

Hi all,

Has anyone experienced flakey/unpredictable internet connectivity? What i mean is that sometimes I would have connectivity to the outside (internet) and other times i would completely be severed from any outside connection. The same goes to the other PCs connected to our internal network.

We have recently moved our entire network infrastructure to another building. Everything remained constant except for an added a cisco 4700 chassis with vlan enabled and an upgraded frac DS3 circuit to the internet.

I triple checked my static and nat/global parameters on our pix 515s and they seem to be all there.

It seems as if the whole company is contending for a small pool of dynamic nats but in reality i've configured over 100 simultaneous connections to the internet. Seems like network connectivity tops at 22 connection before the pix prohibits tcp sessions.

Please advise if you have any idea what is going on.

Thanks in advance!

Marvin

drolemc · ‎07-25-2003

A minor clarification first. A NAT defines a translation. Each translated host might have multiple connections. If the number of connections are being limited then you need to look into the max_conns parameter in the static and NAT commands. You might have set it to a low value.

It would also be a good idea to enable syslog on your PIX and also enable basic monitoring. For more information please see http://www.cisco.com/warp/public/110/pixperformance.html. You might be facing some sort of DOS attack.

mlabuguen · ‎07-29-2003

Donald,

Thanks for the input. It turned out to be a misconfiguration in the part of our internet provider's managed router. Someone fat fingured a wild card mask of 0.0.0.254 instead of 0.0.0.255 The 254 signifies that only even #'s on the last octet will be let through the router. Unfortunately it took us over a week to find that the problem was located on our managed 7200 router.

Marvin