Cisco Support Community

Question about PIX nat pools

I've got a PIX 525 that has a pool of NAT addresses that looks like:

x.y.170.0 - x.y.175.253

x.y.175.254

Recently, a user had problems with Internet access and I noticed her address was mapped to x.y.174.255. Traceroutes went several hops to their destination and began timing out. Pings worked some places and some places not. I'm assuming some device along the line saw it as a directed broadcast and dropped it. Clearing the translation and allowing it to be assigned again worked and the user had normal access.

- Is my assumption about what happened correct?

- Is it possible to exclude the .255 addresses in that range, or do I need to delete it and put in 6 separate ranges?

- What will be the impact to existing sessions? Will they all be reestablished?

Thanks!

--Steve

1 REPLY

Re: Question about PIX nat pools

- Is my assumption about what happened correct?

Possibly, but hard to say really.

- Is it possible to exclude the .255 addresses in that range, or do I need to delete it and put in 6 separate ranges?

I would recreate the pool and exclude your .0 and .255 addresses (x.x.170.1-x.x.170.254), and you would need to create 170 - 175 (so 6 pools).

- What will be the impact to existing sessions? Will they all be reestablished?

When you remove the global pools to create the separate split pools, the sessions will *probably* be torn down but will be reestablished. I would create downtime to do this. :-)

HTH,

John
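The split discussed in this thread, as an added example that is not part of the original posts: a Python sketch that breaks one pool range into per-/24 ranges without the .0 and .255 addresses, plus a check for a mapped address that sits on such a boundary. The 10.20 prefix is a constructed stand-in for the masked x.y octets, and treating every /24 boundary as the thing to avoid is an assumption taken from the question.

```python
import ipaddress


def split_pool(start, end, prefix=24):
    """Split the inclusive range start..end into one range per subnet,
    skipping each subnet's network (.0) and broadcast (.255) address."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("pool start is above pool end")
    ranges = []
    net = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
    while net.network_address <= last:
        # Clamp to the original pool so a partial last subnet stays partial.
        lo = max(first, net.network_address + 1)
        hi = min(last, net.broadcast_address - 1)
        if lo <= hi:
            ranges.append((str(lo), str(hi)))
        nxt = int(net.broadcast_address) + 1
        if nxt > 0xFFFFFFFF:  # ran off the end of the IPv4 space
            break
        net = ipaddress.ip_network((nxt, prefix))
    return ranges


def on_subnet_boundary(addr, prefix=24):
    """True if addr is the network or broadcast address of its /prefix."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return ip in (net.network_address, net.broadcast_address)


# Constructed sample: same third and fourth octets as the pool in the question.
SAMPLE_START = "10.20.170.0"
SAMPLE_END = "10.20.175.253"

if __name__ == "__main__":
    for lo, hi in split_pool(SAMPLE_START, SAMPLE_END):
        print(f"{lo}-{hi}")
    # The mapped address from the question, with the stand-in prefix.
    print(on_subnet_boundary("10.20.174.255"))
```

The last range stops at .175.253 because the original pool does, which leaves .175.254 free for the separate single-address entry shown in the question.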
