PIX 525: Users being denied access to outside internet randomly
Several times a week I am having to clear the xlate table to allow certain users the ability to surf the internet. This happens at different times of the day to different people every time. User can surf the intranet just fine but once they try to get out on the internet they get a "page can't be displayed" in their browser. Also getting input errors as well as overruns on my outside interface, which I have swapped the pix, the switch it's connected to and the cabling. None of this has stopped my errors from going up and I have even downgraded the code from 7.2 to 7.1 and the issue is still happening.
Re: PIX 525: Users being denied access to outside internet rando
How often does this problem occur? I would start by checking the connection and translate timeout values "show timeouts".
You could also do the following:
clear asp drop
Save the output of the following:
"show asp drop"
"show resource usage"
"show cpu usage"
Wait until the problem occurs and save the output of the same commands.
You can use this information to see if you are running into a resource problem.
As well as interface overruns I would also watch for LOW counts of zero in "show blocks" indicating dropping of packets due to block memory exhaustion, high memory usage, high cpu usage, connection limit being reached under "show resource usage". See if you see flow drops and drops due to resource problems in "show asp drop"
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...