Cisco Support Community

New Member

C4006 WITH SUPII AND Pix 515 ver 6.3

I have a strange problem.

I have several servers on the inside

and Internet users can access them normally,

but when I key the "clear xlate" command or reboot the firewall,

some servers cannot be accessed from outside

unless I go to the server and key a ping command to the outside (like the ISP DNS).

Then the server becomes normal and Internet users can access it again.

Why?


Re: C4006 WITH SUPII AND Pix 515 ver 6.3

How are you exposing that server to the outside? With a [static], [nat 0 x.x.x.x y.y.y.y], [nat 0 access-list xxx], or [nat,global]?

New Member

Re: C4006 WITH SUPII AND Pix 515 ver 6.3


assume my server is

my command is only

nat (inside) 0


But after I keyed in the question,

I tried a method and keyed the command

static (inside,outside)

and everything is OK.

I do not understand what the command means:

static (inside,outside)

Would you explain that?

Thanks a lot


Re: C4006 WITH SUPII AND Pix 515 ver 6.3

The static command is the proper one to use for this. "static" meaning a permanent translation that does not time out.

static (pre-nat interface, post-nat interface) pre-nat-address post-nat-address netmask x.x.x.x

Your use of the nat 0 command created a dynamic no-nat entry that is created when traffic is sent from inside to out. Translations time out when no traffic is sent from the inside host for the configured time period, thus making the host unavailable. When you would ping out, the translation was built again.

You can accomplish this with Nat 0 using an ACL. Nat 0 commands using ACLs also make permanent entries in the translation table.
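
The three ways of exposing the server that this thread discusses, side by side, as an added example that is not part of the original posts. The address 203.0.113.10, the ACL names `nonat` and `outside_in`, and the web service on port 80 are assumptions made for illustration.

```text
: Constructed example for PIX 6.3; 203.0.113.10 is a placeholder address.

: Option A (the original setup): identity NAT by address.
: The xlate is built only when the inside host sends traffic out, and it
: is lost on "clear xlate", on reboot, or when the xlate timeout expires.
nat (inside) 0 203.0.113.10 255.255.255.255

: Option B: identity static in place of Option A. The translation is
: permanent, so outside hosts can connect without the server having
: sent any traffic first.
no nat (inside) 0 203.0.113.10 255.255.255.255
static (inside,outside) 203.0.113.10 203.0.113.10 netmask 255.255.255.255

: Option C: nat 0 with an ACL, as an alternative to Option B
: ("nonat" is a hypothetical ACL name).
access-list nonat permit ip host 203.0.113.10 any
nat (inside) 0 access-list nonat

: With any option, inbound traffic still has to be permitted on the
: outside interface ("outside_in" and port 80 are assumed here).
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

: Checks from the PIX console: list current translations and the
: configured xlate timeout.
show xlate
show timeout
```

Running `show xlate` right after `clear xlate` under Option A, before the server has sent anything outbound, shows no entry for the server, which is the outage described in the first post.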