pix515E internal traffic

version 6.3(4)

It was working fine until I made a change. Initially I had this configuration:

global (outside) 1 AA.BB.CC.20-AA.BB.CC.25

global (outside) 1 AA.BB.CC.26

where AA.BB.CC.x are public IPs

But, for a business request, I have to set up my PIX to use only one IP, so I modified/removed and finally I have this:

global (outside) 1 AA.BB.CC.20

But some days after the change, I have problems with the internal traffic: my internal PCs can't access the internet. After some tests I found the "solution":

it is to run the command RELOAD on the PIX.

This problem appears every 2 days approx.

Can you give me an idea of what is wrong?

Re: pix515E internal traffic

Turn on syslog and it will probably tell you that you are running out of translations. Next time it happens try a "clear xlate" instead of a reload and if that fixes it then that's your issue. Syslog messages will tell you exactly the cause of the problem though.

If you are running out of translation slots then you have to add another global command as such:

global (outside) 1 AA.BB.CC.21

As for why this has started happening "some days after the change", I would say it is more to do with an increased amount of traffic on your inside network, rather than you making this config change (which shouldn't affect anything). The timing of it was merely coincidental.
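
One way to check the translation-exhaustion diagnosis against collected syslog output, as an added example that is not part of the original thread: the script counts exhaustion messages per hour and per inside host. The message IDs 202001 and 305006 and the line layout are assumptions based on Cisco's PIX system log message reference, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed exhaustion indicators (verify against the syslog reference for your version):
#   202001 "Out of address translation slots!"
#   305006 "... translation creation failed ..."
EXHAUSTION_IDS = {"202001", "305006"}

# Layout assumed: "<timestamp>: %PIX-<severity>-<id>: <text>" (logging timestamp enabled)
MSG_RE = re.compile(r"^(?P<ts>.+?): %PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)$")
SRC_RE = re.compile(r"\bsrc \S+?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample lines; addresses are private/documentation ranges.
SAMPLE_LOG = """\
Mar 01 2005 09:14:02: %PIX-6-302013: Built outbound TCP connection 4101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.10/1025 (203.0.113.20/1024)
Mar 03 2005 10:02:11: %PIX-3-305006: portmap translation creation failed for tcp src inside:192.168.1.44/3120 dst outside:198.51.100.7/80
Mar 03 2005 10:02:11: %PIX-3-202001: Out of address translation slots!
Mar 03 2005 10:02:12: %PIX-3-305006: portmap translation creation failed for tcp src inside:192.168.1.44/3121 dst outside:198.51.100.9/25
Mar 03 2005 11:15:40: %PIX-3-305006: portmap translation creation failed for udp src inside:192.168.1.61/1030 dst outside:198.51.100.53/53
"""


def summarize(log_text):
    """Count translation-exhaustion messages by ID, by hour and by inside source host."""
    per_id, per_hour, per_host = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = MSG_RE.match(line.strip())
        if not m or m["id"] not in EXHAUSTION_IDS:
            continue  # unrelated message or unparseable line
        per_id[m["id"]] += 1
        # "Mar 03 2005 10:02:11" -> "Mar 03 2005 10" (hour bucket)
        per_hour[m["ts"].rsplit(":", 2)[0]] += 1
        src = SRC_RE.search(m["text"])
        if src:  # 202001 carries no source address
            per_host[src["ip"]] += 1
    return {
        "by_id": dict(per_id),
        "by_hour": dict(per_hour),
        "top_hosts": per_host.most_common(3),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

If the failures cluster in a few hours or on one or two inside hosts, that points at a traffic source to investigate before adding more global addresses.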

