PIX 525: Users being denied access to outside internet randomly

Unanswered Question

Several times a week I am having to clear the xlate table to allow certain users the ability to surf the internet. This happens at different times of the day to different people every time. User can surf the intranet just fine but once they try to get out on the internet they get a "page can't be displayed" in their browser. Also getting input errors as well as overruns on my outside interface, which I have swapped the pix, the switch it's connected to and the cabling. None of this has stopped my errors from going up and I have even downgraded the code from 7.2 to 7.1 and the issue is still happening.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
excession Mon, 11/05/2007 - 14:12
User Badges:

How often does this problem occur? I would start by checking the connection and translate timeout values "show timeouts".

You could also do the following:

clear asp drop

clear counters

Save the output of the following:

"show tech"

"show asp drop"

"show blocks"

"show memory"

"show resource usage"

"show cpu usage"

Wait until the problem occurs and save the output of the same commands.

You can use this information to see if you are running into a resource problem.

As well as interface overruns I would also watch for LOW counts of zero in "show blocks" indicating dropping of packets due to block memory exhaustion, high memory usage, high cpu usage, connection limit being reached under "show resource usage". See if you see flow drops and drops due to resource problems in "show asp drop"

kevin.jones1 Mon, 11/05/2007 - 14:21
User Badges:

Your email said it all. You're using

Early Deployment (ED) code which is very

unstable. It is ED. Very likely that it

is a bug. Try version 6.3(5) which is

GD and see if the problem goes away.

Downgrade from 7.2 to 7.1 didn't help you

right? you downgraded from one ED to another


bauer.juergen Tue, 11/06/2007 - 07:12
User Badges:

just to mention it: 7.0.7 is also GD - after 2 years of pix os version 7 :-)


This Discussion