Cisco Support Community
Community Member

PIX-515-UR - Cannot Ping.

Hi All:

I'm not sure why this is happening but whenever there is a large amount of Users or Traffic on our PIX Firewall it locks up.

You can't even Ping the Inside or Outside Interfaces.

But I can console into the firewall. the only fix is to reload the firewall or power cycle.

Anyone else ever have this problems??? and is there a solution???

I"m running the newest code v.6.2.2 ED.

And I have the VPN Acc, Unrestricted Licencing Cards installed, with 64mb of ram.

Please help!!!!!

if anyone needs further information please note...


Community Member

Re: PIX-515-UR - Cannot Ping.


Sounds like you are running out of address in your nat pool. I am going to guesst that you do not need to reload or pc the pix to clear up some connections. You could issue a "clear xlate". This will DROP ALL CONNECTIONS.

You need to look at your global statement. You could use PAT if your address pool is very small. By default the PIX will use NAT until the last address is handed out. Then use PAT on the last address in the pool until an address is opened. The default time out for address to return to the pool is 3 hours.

Try this.

global (outside) 1 interface

This will force the PIX to use pat for your outbound traffic.

Let me know if this helps,


Community Member

Re: PIX-515-UR - Cannot Ping.


I have enough IP's in the Global Address Group and I also have PAT enabled just incase we ever go over.

I'm just not sure why the PIX lockes up like that.

It will work fine for about 2 weeks, then we have high volume traffic and it will lock up and we cannot ping it from any where on campus.

I can console in and look at the xlate table and clear, but the connections will not re-establish. It's like the PIX just locks up and will not respond till I reboot it.

We didn't have these problems in the summer when the Internet Traffic was low.

It has started since the students came back on campus.

I would say we have about 700 users connecting through the PIX during the day.

Thanks for all the help.


Community Member

Re: PIX-515-UR - Cannot Ping.


Can you cut some of the config into a replay? I would like to see a "sh hard" and the config fromt he global down to the timeouts. I find it strange that it only stops working during period of high usage.

What happens with you issue: "sh cpu usage"

I guess that you could just be running out of connections... What is the hight number when you issue: "sh xlate"

This sounds like a great time to get the syslog server up and running. Let you see what is going on.


Community Member

Re: PIX-515-UR - Cannot Ping.


Thanks for all the help.

I got the syslog running right now!!!! Kiwi SysLog....

I will keep you posted.



CreatePlease to create content