I assume you are using NAT 0.
If so upgrade to 5.3.1 (no I don;t work for TAC but
NAT 0 has many problems.)
Are you using another NAT (NAT 1 or something) on top
of your NAT 0? Are you suing statics from low to
high?
Do DEBUG ICMP TRACE and ping when you are experiencing
problems and see if the translation is happening
properly.
Moe.
--- Allen May <[EMAIL PROTECTED]> wrote:
> CLEAR XLATE helps ;)
>
> Also, see how many connections you are licensed for.
> You may be either out
> of licenses or NAT may be out of physical addresses
> to use for a connection.
> Streaming connections hog up a big portion of NAT
> addresses. There is a
> show command to show how much of your pool is being
> utilized...can't
> remember if it was SHOW CONNECTIONS or something
> else off the top of my
> head.
>
> ----- Original Message -----
> From: "Alex Lee" <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.cisco
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 14, 2001 8:12 AM
> Subject: PIX 515 Firewall problems
>
>
> > Group,
> >
> > We have a PIX 515 for a year now. There is one
> recurring problem which we
> > still cannot resolve. We opened case and talked to
> TAC at least two times.
> > Each time we were told to upgrade the code. We are
> now running version
> > 5.2(3).
> >
> > Here is our issue :-
> >
> > We are using static public IP adddresses on all
> our servers and computers.
> > Our subnet is flat. After we installed the PIX we
> noticed that once in a
> > while one or two computers could not go out to the
> interenet. They could
> do
> > anything internally. Our work-around to this
> problem is simply change the
> > computer's original IP address to another one.
> Then it worked just fine. A
> > day later we could give the computer its old IP
> address and it would work
> > just great.
> >
> > We did turn on the debug and saw that the PIX was
> trying to build an
> > outgoing tcp connection for the computer which was
> having problem. This
> > particular outgoing connection was never
> established.
> >
> > Can anyone out there shed some light ?
> >
> >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
_____________________________________________
Moe Tavakoli
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
