FWSM: Strange xlate and lost connectivity

I've had some really weird problems with my FWSM after a migration
this weekend.
The network is set up as seen below, "ApplicationNet" and "UserNet"
have the same security level and I have "same security permit intra
interface" enabled.


I have a static set up to redirect web traffic to a server on our DMZ,
and this is causing me a lot of problems.
Suddenly the users from the Internet cannot access the web service and
neither can anyone on the UserNet.
I do a show xlate detail and get the following result

Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
o - outside, r - portmap, s - static
1223 in use, 10418 most used
NAT from INTERNET: to INTERNET: flags Ii

I do a clear xlate on the global IP and the same show command then

Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
o - outside, r - portmap, s - static
1168 in use, 10418 most used
NAT from DMZ: to INTERNET: flags si

And once again the web service is accessible. Then later the same day
I get the same problem again and can't see anything on the syslogs
despite running on debug level.

What's going on here?

Reply from sivakumar:

Try nat 0 command on the host

the syntax as below

nat (interface) 0 ---ip_add--- ---mask--- tcp 0 1000

0 - infinite genuine conn
1000 - max embryonic connections

ip_add -- ip address of the host which disconnects often

give a look on nat 0 command usage..

try and reply..
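
Added example, not part of the original thread: a Python check that parses `show xlate detail` output in the line format shown in the first post and reports whether a static's global address is held by the expected static entry (flag s) or by an identity entry (flag I). The addresses, the function names and both sample tables are constructed, since the post's output has its addresses stripped.

```python
import re

# One xlate entry: "NAT from <ifc>:<ip> to <ifc>:<ip> flags <flags>".
# The optional TCP/UDP prefix, PAT keyword and /port suffix are assumptions
# added so that port-level entries would parse as well.
XLATE_RE = re.compile(
    r"^\s*(?:(?:TCP|UDP)\s+)?(?:NAT|PAT) from (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/\d+)?"
    r"\s+to (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/\d+)?\s+flags (?P<flags>\S+)"
)

# Constructed samples (documentation addresses), modelled on the two outputs in the post.
BROKEN = """Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       o - outside, r - portmap, s - static
1223 in use, 10418 most used
NAT from INTERNET:192.0.2.10 to INTERNET:192.0.2.10 flags Ii
NAT from UserNet:10.20.0.7 to INTERNET:192.0.2.77 flags i
"""
WORKING = """1168 in use, 10418 most used
NAT from DMZ:10.10.10.5 to INTERNET:192.0.2.10 flags si
"""

def parse_xlates(output):
    """Return one dict per xlate entry; legend and counter lines are skipped."""
    return [m.groupdict() for m in map(XLATE_RE.match, output.splitlines()) if m]

def check_static(output, global_ip, real_if, real_ip):
    """Classify the xlate table state for one static's global address.

    'static'   - the expected static entry (flag s) is present
    'identity' - an identity entry (flag I) holds the global address instead
    'missing'  - neither kind of entry is in the table
    """
    state = "missing"
    for x in parse_xlates(output):
        if x["dst_ip"] != global_ip:
            continue
        if "s" in x["flags"] and (x["src_if"], x["src_ip"]) == (real_if, real_ip):
            return "static"
        if "I" in x["flags"]:  # flags are case-sensitive: I = identity, i = inside
            state = "identity"
    return state

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("working", WORKING)):
        print(name, check_static(table, "192.0.2.10", "DMZ", "10.10.10.5"))
```

Run against periodic captures of the table, a change from 'static' to 'identity' gives a timestamp for when the entry was replaced, which the post says the syslogs did not show.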
