Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

The PIX Firewall 500 series does not pass PAT traffic. SSH and Telnet connections fail in the PIX with software version 6.x

What is PAT?

Port address translation (PAT) is a function that allows multiple users within a private network to make use of a minimal number of IP addresses. Its basic function is to share a single IP public address between multiple clients who need to use the Internet publicly. It is an extension of network address translation (NAT).Port address translation is also known as overload or port overload.

Core issue

Static Network Address Translation (NAT) works in PIX Firewall version 6.3(1). However, global Port  Address Translation (PAT) does not work properly.

When the PIX configuration is changed to use global PAT, all Telnet and Secure Shell (SSH) connections fail.

Note: Even the clear xlate command does not resolve the issue.


For a workaround, upgrade the PIX software to version 6.3(3) or later.

Refer to Software Download: Cisco PIX Security Appliance Software.