Re: Setting xlate=500 on the PIX....

Discussion in 'Cisco' started by Walter Roberson, Jul 17, 2003.

  1. In article <>,
    Masud Reza <> wrote:
    :I have a /24 and I want to fix the number of xlate table entries to
    :500 on the PIX which is running 6.3. What is the best way to do this?.

    I do not think it can be done on the PIX.


    :Will using the following statements restrict the number of xlates (not
    :connections) to 500??

    :nat (inside) 1 0 0 500

    No.

    "The connection limit lets you set the maximum number of outbound
    connections that can be started with the IP address criteria you
    specify."

    Connections are, as you hint, not the same as xlates: you can have
    closed connections for which the xlate has not yet expired. Even with
    PAT, xlates persist a little after the connection has closed, so that
    the PIX can cleanly handle delays in propogating the connection
    closure to the end end of the link.
    --
    WW{Backus,Church,Dijkstra,Knuth,Hollerith,Turing,vonNeumann}D ?
     
    Walter Roberson, Jul 17, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jan david dijk

    PIX 506E Deny inbound (No xlate) tcp

    jan david dijk, Feb 8, 2004, in forum: Cisco
    Replies:
    6
    Views:
    12,210
    huyhong
    Jan 7, 2009
  2. Matt
    Replies:
    5
    Views:
    3,855
    Walter Roberson
    May 11, 2004
  3. Scott Townsend

    PIX xlate Timeout or Logging?

    Scott Townsend, Apr 20, 2005, in forum: Cisco
    Replies:
    3
    Views:
    3,626
    Walter Roberson
    Apr 20, 2005
  4. Ben Beechick
    Replies:
    1
    Views:
    5,510
  5. lfnetworking

    pix static xlate doesn't trigger

    lfnetworking, Dec 12, 2005, in forum: Cisco
    Replies:
    1
    Views:
    393
    jdsal
    Dec 14, 2005
Loading...

Share This Page