Greetings,
We have a Cisco Pix (525) that requires doing a clear xlate command about once daily when people randomly do not have access to outside websites.
If I do a sho xlate after it clears and we are not roaming to a good portion of the range we have.
Any ideas as to what is causing this? The config is right and there are no virus issues.Let me know what you might think is causing this.
Thanks much,
Toni
I gather that you imply that you have a global (outside) IP range but no global (outside) PAT, and that you are finding that even though your outside IP range is not being fully used, that you are running out of connection IPs.
If that's the case, it would be interesting to see the syslog messages. Also, I would cross-check to see whether the global IP range overlaps with one of the statics -- that's unsupported except if the static is a PAT.
FYI:
523 for the OS xlate is set at 5 seconds currently. We have had it 3 hours and 30 minutes as well and have had this problem at both. Here's more information: nat (inside) 0 access-list 101 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 sho global global (outside) 1 134.241.46.1-134.241.46.254 global (outside) 1 134.241.84.1-134.241.84.254 global (outside) 1 134.241.171.1-134.241.171.254 global (outside) 1 134.241.159.85-134.241.159.240Hopefully this helps.
Thanks, Toni P.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.