10-16-2003 08:46 AM - edited 02-20-2020 11:02 PM
I'm using a global NAT pool that spans 5 Class C subnets and I am NAT'ing all internal hosts to that pool. The strange behavior is that I am running out of translations; it stops handing out translations when it reaches somewhere in the area of 650 translations.
Here's my nat config:
global (outside) 1 152.157.168.1-152.157.172.254
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
What's really strange is that certain addresses are skipped as translations are handed out. It seems to be following a pattern of handing out addresses: 1, 2, 5, 9
Any ideas?
10-16-2003 09:31 AM
Scott -
Have you tried the command "clear xlate" and seen if you get the same problem? Also, which PIX IOS and PIX model, i.e. 501/506/515, etc.?
Thanks -
10-16-2003 10:46 AM
Hi,
Can you see how many translations are being built up?
"show xlate count"
What if some inside PCs are infected with a virus/worm and are sending spoofed IP packets towards/across the PIX? Hence the PIX is making translations for them.
Try "show xlate" and find out if any IP other than your inside network is making an entry there.
Additionally, you can try the following:
1- Make access-list on the inside interface to only permit your inside network to go through the PIX
2- change the nat(inside) 1 0.0.0.0 0.0.0.0 to
nat (inside) 1
3- apply the "ip verify reverse-path inside" command
4- make a PAT entry e.g. global(outside) 1 interface
Thanks
Nadeem
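The check Nadeem describes (look through "show xlate" for local addresses that are not in your inside network, and see which subnet is consuming the pool) can be done offline against a saved copy of the output. The script below is an added example, not from the thread; it assumes PIX 6.x-style "show xlate" lines and uses a constructed sample with 192.168.1.0/24 as a placeholder inside network.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of PIX 6.x "show xlate" output, not taken from the thread.
SAMPLE_XLATE = """\
5 in use, 5 most used
Global 152.157.168.1 Local 192.168.1.10
Global 152.157.168.2 Local 192.168.1.11
PAT Global 152.157.168.5(1024) Local 192.168.1.12(3345)
Global 152.157.168.9 Local 10.99.7.3
Global 152.157.168.17 Local 203.0.113.77
"""

# Matches plain NAT lines and PAT lines (which carry a port in parentheses).
XLATE_RE = re.compile(
    r"^(?:PAT\s+)?Global\s+(?P<global>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?"
    r"\s+Local\s+(?P<local>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?\s*$"
)

def parse_xlate(text):
    """Return (global_ip, local_ip) pairs parsed from 'show xlate' output."""
    entries = []
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if m:
            entries.append((m.group("global"), m.group("local")))
    return entries

def find_foreign_locals(entries, inside_networks):
    """Return entries whose local address is outside every expected inside network.
    Each such entry is a packet with a non-inside source that reached the PIX
    and consumed a global address from the pool."""
    nets = [ipaddress.ip_network(n) for n in inside_networks]
    return [(g, l) for g, l in entries
            if not any(ipaddress.ip_address(l) in net for net in nets)]

def count_by_local_prefix(entries, prefixlen=24):
    """Count translations per local /prefixlen, to see which subnet uses the pool."""
    counts = Counter()
    for _, local in entries:
        counts[str(ipaddress.ip_network(f"{local}/{prefixlen}", strict=False))] += 1
    return counts

if __name__ == "__main__":
    xl = parse_xlate(SAMPLE_XLATE)
    for g, l in find_foreign_locals(xl, ["192.168.1.0/24"]):  # placeholder inside net
        print(f"suspicious xlate: Global {g} Local {l}")
    print(dict(count_by_local_prefix(xl)))
```

Feed it the real output (redirect "show xlate" from a terminal session to a file) and replace the placeholder inside network with your own.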