I have a web server on the DMZ leg of a PIX Firewall 525 (version 6.3). The server is listening on port 4443. There are clients of this server on the Internet (coming from the outside interface) and also in the local network (the inside interface). The clients from both inside and outside send their requests on port 443 (HTTPS) to this server, and the firewall performs port redirection and forwards the requests to destination port 4443 on the server, which is on the DMZ.
I have set up port redirection with the static command for both outside and inside connections. It usually works fine; however, from time to time the Internet clients cannot reach the server, while at the same time the internal clients have no problem accessing the server. When this problem happens I reset the xlate table with the "clear xlate" command, and then it works from the Internet as well. However, sometimes this problem occurs frequently and creates quite a big trouble, as it requires resetting all the connections established through the firewall.
The strange thing is that it works fine for a long period, and then a problematic period begins for the Internet clients, during which I have to reset the firewall's xlate cache manually in order to reestablish the connections for the Internet clients.
Here are the static commands I have in the configuration:
Re: port redirection from outside and inside to dmz
It will be difficult to say without looking at the configurations and running some diagnostics. I am also wondering how "clear xlate" command can affect a static translation. How many users are connecting to the server from the Internet at the same time?