Showing results for 
Search instead for 
Did you mean: 

The PIX Firewall 500 series does not pass PAT traffic. SSH and Telnet connections fail in the PIX with software version 6.x


What is PAT?

PAT is a concept used in networking. It can be defined as a feature of a given network device with which the device translates the TCP or UDP communications that are made between the hosts on a private and host on a public network. PAT finds wider usage in the LAN technology and it allows multiple hosts of a private network to use a single public IP address.

PAT technology finds its use in the software firewalls and the broadband network devices. The main advantage of PAT is that it allows multiple hosts to share a common public IP and saves the wastage of IP for the users who do not need support for inbound connections. Somehow the implementation of PAT in a network increases the firewall complexity and in addition to that PAT do suffers from scalability issues.

Port address transaction is a process of rewriting a port numbers to random number. Pat will translate the port .It allows a single public IP address to be used by many hosts on the private network

local private hosts and both send packets from source port 5000. A NAPT device might translate these to a single public IP address but two different source ports, say 5998 and 5999. Response traffic received for port 5998 is routed to while port 5999 traffic is routed to

Core issue

Static Network Address Translation (NAT) works in PIX Firewall version 6.3(1). However, global Port  Address Translation (PAT) does not work properly.

When the PIX configuration is changed to use global PAT, all Telnet and Secure Shell (SSH) connections fail.

Note: Even the clear xlate command does not resolve the issue.


For a workaround, upgrade the PIX software to version 6.3(3) or later.

Refer to Software Download: Cisco PIX Security Appliance Software.

Problem Type

Troubleshoot software feature

Product Family

Firewall - PIX 500 series



PIX Software Version

PIX version 6.x

PIX Model

PIX 500 Series Firewall

Features & Tasks

Port Address Translation (PAT)

Device Access Method


Secure Shell (SSH)

Content for Community-Ad