I've got a PIX 525 that has a pool of NAT addresses that looks like:
x.y.170.0 - x.y.175.253
Recently, a user had problems with Internet access and I noticed her address was mapped to x.y.174.255. Traceroutes went several hops to their destination and began timing out. Pings worked some places and some places not. I'm assuming some device along the line saw it as a directed broadcast and dropped it. Clearing the translation and allowing it to be assigned again worked and the user had normal access.
- Is my assumption about what happened correct?
- Is it possible to exclude the .255 addresses in that range, or do I need to delete it and put in 6 separate ranges?
- What will be the impact to existing sessions? Will they all be reestablished?