Community Member

High Xlate Count

I have a PIX 515E 6.3(5). Our network is obviously being attacked by viruses and the xlate count is skyrocketing to > 50,000, which basically shuts down our internet. Is there anything I can do on the PIX to block traffic to prevent this from happening? Any advice?

3 REPLIES
Community Member

Re: High Xlate Count

Can you please send the configuration file?

Re: High Xlate Count

Hi Brian

Please open your PDM or ASDM syslog and check if any critical logs appear. Copy and paste one if any.

And please copy and paste a part of "show xlate debug" output.

If this is a DoS attack, it is supposed to be outside oriented. Then we would apply a max session limit to the static you created.

If this is an attempt from inside, most probably the xlate or syslog outputs will show one or two public IP addresses that inside hosts try to connect to. Then we would stop this with an ACL on the inside interface.

Regards

Community Member

Re: High Xlate Count

I've had that happen before, and here is a quick workaround. It doesn't fix your problem with machines on the inside having viruses, but it stops them from tying up the outside interface and using up xlates.

What you need to do is a show xlate from the CLI; you will start to see a pattern of which internal IPs are using up the xlate sessions. You then SHUN those IPs, which will stop them from accessing the internet. You then do a clear xlate, which disconnects all the current sessions (interrupts FTPs and streaming connections also).

This will buy you some time to download the latest DATs and fix the viruses on the machines you shunned.

Hope this helps..
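One way to find the pattern the reply above describes, as an added example that is not part of this thread: a small Python script that tallies "show xlate" output per inside (Local) host and prints the matching shun commands. The sample output, its line format and the threshold of 3 are constructed for illustration; on a real outbreak the offending hosts show hundreds of xlates each.

```python
import re
from collections import Counter

# Constructed sample of PIX 6.3 "show xlate" output (not from the thread).
# Two inside hosts are opening far more translations than the rest.
SAMPLE_XLATE = """\
9 in use, 9 most used
PAT Global 203.0.113.5(1024) Local 10.1.1.15(51234)
PAT Global 203.0.113.5(1025) Local 10.1.1.15(51235)
PAT Global 203.0.113.5(1026) Local 10.1.1.15(51236)
PAT Global 203.0.113.5(1027) Local 10.1.1.15(51237)
PAT Global 203.0.113.5(1028) Local 10.1.1.22(40001)
PAT Global 203.0.113.5(1029) Local 10.1.1.22(40002)
PAT Global 203.0.113.5(1030) Local 10.1.1.22(40003)
Global 203.0.113.6 Local 10.1.1.30
PAT Global 203.0.113.5(1031) Local 10.1.1.40(33000)
"""

# Inside address follows the word "Local" on each translation line (assumed format).
LOCAL_RE = re.compile(r"\bLocal (\d{1,3}(?:\.\d{1,3}){3})")


def count_xlates_per_host(output: str) -> Counter:
    """Count translations per inside (Local) address in show xlate output."""
    counts = Counter()
    for line in output.splitlines():
        m = LOCAL_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def top_talkers(output: str, threshold: int) -> list[tuple[str, int]]:
    """Inside hosts whose xlate count is at or above threshold, busiest first."""
    counts = count_xlates_per_host(output)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def shun_commands(hosts: list[tuple[str, int]]) -> list[str]:
    """PIX CLI lines that block the offending inside hosts, as in the workaround above."""
    return [f"shun {ip}" for ip, _ in hosts]


if __name__ == "__main__":
    offenders = top_talkers(SAMPLE_XLATE, threshold=3)
    for ip, n in offenders:
        print(f"{ip}: {n} xlates")
    print("\n".join(shun_commands(offenders)))
```

Paste the real "show xlate" output into SAMPLE_XLATE (or read it from a file) and raise the threshold to something well above normal per-host usage before acting on the list.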
