Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Pings (ICMP) to the PIX/ASA interface stop for a period of time

Core issue

This issue is documented in Cisco bug ID CSCsb99792.

An Internet Control Message Protocol (ICMP) packet must egress the interface that is used as a global Port Address Translation (PAT) address for dynamic translation being PATed to the interface IP and must be assigned an internal connection source port of zero. It can be seen in the output of the show xlate command, as shown:

PAT Global 10.36.9.2(0) Local 172.16.5.21 ICMP id 512.

The source port in the global address should be zero.

Resolution

For a workaround, either use any other IP address apart from the interface IP address as the global PAT address.

Clear the specific ICMP translation that causes the problem. For example:

clear xlate local 172.16.5.21

Otherwise, refer to Software Download: Cisco PIX Security Appliance Download to upgrade the software versions to any of these:

  1. 7.1(1)

  2. 7.1(0.10)

  3. 7.0(4)

  4. 7.0(3.23)
Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:39 PM
Updated by:
 
Labels (1)