Cisco Support Community

New Member

Clearing xlate on PIX

I have a PIX 515 version 4.4(1). Recently, I have been having a problem where either a host is unable to establish an outbound connection through the firewall or certain protocols for host computers cannot go out through the firewall. To resolve the problem I have to clear the xlate. This problem is now occurring about once a week. Any suggestions would be appreciated. Thanks, Mike

2 REPLIES
New Member

Re: Clearing xlate on PIX

How long are your timeout values for tcp, udp, etc.?

You might be filling up your translation table with a lot of idle connections. Typically for TCP you want to have a timeout value of 10 min and for UDP 2 min.

The show xlate and the show conn will help to see how many idle connections you have.

I hope this helps.

Gonzalo

New Member

Re: Clearing xlate on PIX

An extremely large project that I have been working with has a PIX that exhibited symptoms similar to what you are describing, but a different variation. As a result, we opened a case with Cisco TAC, and I have collected a fair amount of data on this broad type of behavior with corruption of the xlate table. There was a case opened a little over a year ago which matches pretty closely to what you are seeing, and it was not resolved until they upgraded to 4.4(4). So if adjusting the config does not seem to make a difference, I would certainly recommend an upgrade. In their case, they were never able to find a specific cause or bug id, but after that upgrade it never happened again.

Good luck!
