I am currently having the problem of running out of ports available to connect to the Internet. I want to upgrade the IOS, but it seems to make more sense to move on to model 515. I have about 150 users, with a Cisco 1603 on the outside of the firewall and a Catalyst 5000 on the inside. I have about 6 private networks on the inside of the firewall connected to about seven remote sites. Please recommend solutions.
4.1(5) is actually pretty good code. Upgrading it probably won't fix the problem. When you say you are running out of ports, what do you mean? Are users getting denied access through the firewall? What does your syslog say? "Unable to find translation" is probably what you are seeing. First, do a sh time and look at your timeout xlate and conn timers. These should be 01:00:00 each at best. Do a sh conn during peak times or when the traffic stops passing. What is the most used value and remaining value? Do they exceed the license you purchased with your PIX? If you have a 256 or 1024 license you may just need to upgrade your user license. Finally, check your global (outside) 1 pool and make sure there are enough addresses in there for all your users. In any case, turn on Port Address Translation by adding another global (outside) 1 pool with just a single address (you may need to remove your first pool, wr mem, reload, add it back in less one address, then add another one for port address translation with the remaining address).
If you do all that and it's still acting up, let us know more specifically what the symptoms are.
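The pool-plus-PAT arrangement described in the reply above, as an added configuration sketch that is not part of the original thread. The addresses are constructed documentation addresses (192.0.2.0/24), and the sketch assumes the classic PIX `global`/`nat`/`timeout` syntax on a release that supports PAT.

```text
: Before: dynamic NAT pool only. Once every pool address holds a
: translation, new inside hosts cannot get one until an xlate times out.
nat (inside) 1 0 0
global (outside) 1 192.0.2.10-192.0.2.254

: After: same NAT ID, pool shortened by one address, and that single
: remaining address added as a second global, which the PIX uses for
: Port Address Translation when the pool is exhausted.
nat (inside) 1 0 0
global (outside) 1 192.0.2.10-192.0.2.253
global (outside) 1 192.0.2.254

: Timers the reply suggests checking (constructed values matching its
: 01:00:00 recommendation).
timeout xlate 1:00:00 conn 1:00:00
```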
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...