FWSM: Strange xlate and lost connectivity

 
 
Hoffa
10-09-2007
Hi

I've had some really weird problems with my FWSM after a migration
this weekend.
The network is set up as seen below, "ApplicationNet" and "UserNet"
have the same security level and I have "same security permit intra
interface" enabled.

Internet
|
|
FWSM----ApplicationNet
|
|
UserNet

I have a static set up to redirect web traffic to a server on our DMZ,
and this is causing me a lot of problems.
Suddenly the users from the Internet cannot access the web service and
neither can anyone on the UserNet.
I do a show xlate detail and get the following result


Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
o - outside, r - portmap, s - static
1223 in use, 10418 most used
NAT from INTERNET:217.15.245.131 to INTERNET:217.15.245.131 flags Ii

I do a clear xlate on the global IP and the same show command then
gives

Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
o - outside, r - portmap, s - static
1168 in use, 10418 most used
NAT from DMZ:192.168.144.201 to INTERNET:217.15.245.131 flags si

And once again the web service is accessible. Then later the same day
I get the same problem again and can't see anything on the syslogs
despite running on debug level.

What's going on here?
/Fredrik
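
Added example, not part of the original post: a small Python check that parses "show xlate detail" output and reports when the global address of a configured static is held by some other translation, as in the identity ("Ii") entry above. The names check_statics and EXPECTED are hypothetical, the line format is taken from the two outputs in the post, and the optional "/port" handling is an assumption.

```python
import re

# Line format as shown in the post, e.g.
#   NAT from DMZ:192.168.144.201 to INTERNET:217.15.245.131 flags si
# The optional "/port" after each address is an assumption (PAT-style entries).
XLATE_RE = re.compile(
    r"NAT\s+from\s+(?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)(?:/\d+)?\s+"
    r"to\s+(?P<glob_if>[^:\s]+):(?P<glob_ip>[\d.]+)(?:/\d+)?\s+"
    r"flags\s+(?P<flags>\w+)\s*$"
)

def parse_xlates(text):
    """Return one dict per translation line; legend and counter lines are skipped."""
    return [m.groupdict() for m in
            (XLATE_RE.search(line.strip()) for line in text.splitlines()) if m]

def check_statics(text, expected):
    """expected maps global IP -> (real interface, real IP) of each configured static.
    Returns a finding for every entry that holds such a global IP without being
    the expected static translation."""
    findings = []
    for e in parse_xlates(text):
        want = expected.get(e["glob_ip"])
        if want is None:
            continue  # not an address we track
        # Flags are case-sensitive: 's' = static, 'I' = identity, 'i' = inside.
        if "s" in e["flags"] and (e["real_if"], e["real_ip"]) == want:
            continue  # healthy: the static owns its global address
        reason = ("identity xlate holds the global address" if "I" in e["flags"]
                  else "xlate does not match the configured static")
        findings.append({"global": e["glob_ip"], "reason": reason,
                         "seen": f'{e["real_if"]}:{e["real_ip"]} flags {e["flags"]}'})
    return findings

# Static from the post: DMZ host behind the INTERNET-side global address.
EXPECTED = {"217.15.245.131": ("DMZ", "192.168.144.201")}

# Sample input constructed from the two outputs quoted in the post.
BAD = """1223 in use, 10418 most used
NAT from INTERNET:217.15.245.131 to INTERNET:217.15.245.131 flags Ii"""
GOOD = """1168 in use, 10418 most used
NAT from DMZ:192.168.144.201 to INTERNET:217.15.245.131 flags si"""

if __name__ == "__main__":
    for name, sample in (("broken", BAD), ("after clear xlate", GOOD)):
        print(name, check_statics(sample, EXPECTED))
```

Run periodically against captured output, a check like this records when the identity entry appears, which narrows down what traffic created it.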

 
sivakumar
09-25-2008
Hi,

Try nat 0 command on the host

the syntax as below

nat (interface) 0 ---ip_add--- ---mask--- tcp 0 1000

0 - infinite genuine conn
1000 - max embryonic connections

ip_add -- ip address of the host which disconnects often

give a look on nat 0 command usage..

try and reply..

bye...
 