Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
3
Helpful
1
Replies

xlate hitting max of 49000

jreed
Level 1
Level 1

‎09-12-2006 12:33 PM - edited ‎03-09-2019 04:10 PM

we're working on a new network...PIX 515e with 128M ram. We are seeing dropped connectivity and noticed the problem happen when the xlate count hit 49000. We clear xlate and the problem goes away for about 5-10 minutes.

Is there any way to increase the xlate limit? We tried creating a nat pool per various subnets inside, but it didn't change the global count.

We ahve about 2200 students who I'm sure have tons of p2p apps causing the issue.

Any suggestions?

thanks!!

Labels:
0 Helpful
1 Reply 1

sachinraja
Level 9
Level 9

‎09-12-2006 09:15 PM

hello ,

PIX 515E supports a maximum of 1,30,000 connections. since there are close to 49,000 NAT translation entries, and if each xlate has 3 connections, it almost its the max connections that the PIX supports. Under this circumstance i think it will start dropping packets...

anyway you can decrease the xlate timeout value, which can clear out unused xlate connections... other than that, i think the hardware designed for such a high userbase is not correct. for 2200 users , you should have probably looked for a higher end PIX or ASA. also see if there are any virus problems on ur network, which has increased the xlate table...

hope this helps.. all the best.. rate replies if found useful..

Raj

Customers Also Viewed These Support Documents