I'm experiencing a problem with the FWSM at the company. The virtual context suddenly stops doing NATs and the servers behind it get no access to anything.
The firewall has several static policy NATs with port forwarding configured on the Inside interface, and we have figured out that the ARP table becomes really large and it's creating an entry for each host on the outside; that's a lot of hosts.
access-list Lilian-Inside_nat_static_4 extended permit tcp host 192.168.5.118 eq www any
The MAC 0024.c4c0.b980 belongs to a Cisco 7600 router. The topology is like this:
Connection to office
There are 2 IPs available, and both of them are used with port forwarding.
The NATs are created that way by the ASDM.
We have realized that this context uses most of the CPU of the entire FWSM, so we limited the number of xlates allowed in order to avoid affecting performance on other contexts, but the problems with our customer continue.