Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

internet problem with PAT

Users behind the PAT are have problem to access to the internet, to the different sites. The sites are opened are very slowly or not opens. In ASA log i view this one:

Teardown TCP connection 1027324458 for outside: xx.xx.xx.xx/80 to inside: xx.xx.xx.xx/49843 duration 0:00:30 bytes 0 SYN Timeout

But users behind the NAT have not these problems.

  • Firewalling
3 REPLIES

Hi, This happens because 3

Hi,

 

This happens because 3-way handshake process was not able to complete within the timeout limit set on ASA. In general it should not be problem with ASA.... might be the load on to the PAT ip very high... mean the number of translations is more.....

 

Also make sure that you shouldn't have an overlapping rule in place... PAT and static NAT overlapping....

 

Regards

Karthik

New Member

Maybe this can help someone.

Maybe this can help someone. I did failover to another asa, and reload primary, then returned to primary. Now everything is working fine.

Nice to hear that you were

Nice to hear that you were managed to solved the problem. But you can make it sure, when you have the full load and xlate count is very high..... This never happens in a generic circumstance...

 

Regards

Karthik

45
Views
0
Helpful
3
Replies
This widget could not be displayed.