Was this NAT or PAT?

If PAT, and the client kept on trying to open up new connections, the source
port would probably be different for each, thus a new xlate in the
translation table.

Cheers!
--

Richard A. Deal

Visit my home page at http://home.cfl.rr.com/dealgroup/

Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration
Exam Cram

Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
exams on the market.




"John Neiberger" wrote in message
news:[EMAIL PROTECTED]
> I don't understand why the xlate table would grow.  I can understand the
> connections table growing, sure, but did the PIX really re-translate the
> same internal address over 7000 times in just a few minutes?
>
> John
>
> >>> Scott Roberts 3/13/03 11:08:29 AM >>>
> strange that it would create another translation instead of using the old
> one?? I suppose it's more an error in the client software thinking it still
> has a valid server connection and tries to open a brand new one then.
>
> the only thing that comes to my mind would be to expire your translations
> faster, but I've never done this, so I don't even know if it's possible.
>
> scott
>
> "Manny" wrote in message
> news:[EMAIL PROTECTED]
> > I ran into a situation today where we had a machine that was trying to FTP
> > through the firewall. We allow FTP outbound. The problem that came up was
> > that the user had no idea that an FTP client was set up on his machine. The
> > FTP client (spyware) kept trying to connect to a server (ispynow.com) using
> > the incorrect user name and password. For every attempt an xlate entry was
> > created. It created about 7000 entries in a matter of minutes. The firewall
> > was paralyzed. I had to console in and look at the xlate table. Even through
> > the console I had a hard time viewing the table. Is there any way to prevent
> > this from happening again? This is the second time this year an incident of
> > this nature with the xlate table has occurred. How can I monitor the xlate
> > table for strange behavior?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65638&t=65095
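
One way to approach the monitoring question at the end of this thread, as an added example that is not from any of the posters: a Python script that compares two captures of `show xlate` output and flags inside hosts whose translation count is high or growing fast between polls. The line format, the thresholds and the addresses are assumptions, and the sample capture is constructed.

```python
import re
from collections import Counter

# Assumed `show xlate` line shapes (PIX 6.x style; adjust for your release):
#   PAT Global 203.0.113.5(1024) Local 10.1.1.15(3127)
#   Global 203.0.113.20 Local 10.1.1.30
XLATE_RE = re.compile(
    r"^(?:PAT\s+)?Global\s+[\d.]+(?:\(\d+\))?\s+Local\s+([\d.]+)(?:\(\d+\))?"
)

def xlates_per_host(show_xlate_text):
    """Count translation entries per inside (Local) address."""
    counts = Counter()
    for line in show_xlate_text.splitlines():
        m = XLATE_RE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts

def flag_hosts(prev_text, curr_text, max_entries=500, max_growth=200):
    """Compare two polls; return [(ip, entries, growth)] over either limit.

    max_entries and max_growth are hypothetical thresholds to tune per site.
    """
    prev, curr = xlates_per_host(prev_text), xlates_per_host(curr_text)
    flagged = []
    for ip, n in curr.most_common():
        growth = n - prev.get(ip, 0)
        if n > max_entries or growth > max_growth:
            flagged.append((ip, n, growth))
    return flagged

def sample_capture(churn_entries):
    """Constructed sample: 10.1.1.15 opens many PAT xlates, others are quiet."""
    total = churn_entries + 3
    lines = ["%d in use, %d most used" % (total, total)]
    lines += ["PAT Global 203.0.113.5(%d) Local 10.1.1.15(%d)" % (1024 + i, 3000 + i)
              for i in range(churn_entries)]
    lines += ["PAT Global 203.0.113.5(40001) Local 10.1.1.22(1190)",
              "PAT Global 203.0.113.5(40002) Local 10.1.1.22(1191)",
              "Global 203.0.113.20 Local 10.1.1.30"]
    return "\n".join(lines)

if __name__ == "__main__":
    for ip, n, growth in flag_hosts(sample_capture(50), sample_capture(900)):
        print("%s holds %d xlates (+%d since last poll)" % (ip, n, growth))
```

Because each PAT entry carries its own source port, a single client that keeps reconnecting shows up as one Local address with a rapidly rising count, which is what the growth threshold catches before the table fills.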