PIX problem - clear xlate fixes connectivity

Every 15 minutes or so connectivity from the private network through the PIX stops. Resetting the PIX or clear xlate will restore connectivity. We have tried removing fixup dns and adding ip verify. Show local-host during the outages shows only one system actively using the connection with less than 100 total entries.

Any suggestions?

Regards, Ben

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
. . . .
clock timezone PST -8
clock summer-time PDT recurring
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol rtsp 8554
no fixup protocol domain 53
names
access-list 101 permit ip any 192.168.50.0 255.255.255.192
access-list outside_cryptomap_dyn_20 permit ip any 192.168.50.0 255.255.255.192
access-list acl_inside permit tcp any any
access-list acl_inside permit udp any any
access-list acl_outside permit tcp any any
access-list acl_outside permit udp any any
pager lines 80
logging on
logging timestamp
logging console informational
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
interface ethernet0 100full
interface ethernet1 100full
mtu outside 1500
mtu inside 1500
ip address outside ..... 255.255.255.240
ip address inside 192.168.0.2 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm drop reset
ip local pool ..... 192.168.50.1-192.168.50.50
pdm location 192.168.0.6 255.255.255.255 inside
pdm location 192.168.0.14 255.255.255.255 inside
pdm location 192.168.0.15 255.255.255.255 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.0.0 255.255.0.0 inside
pdm logging informational 100
no pdm history enable
arp timeout 14400
global (outside) 1 ...... netmask 255.255.255.240
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ...... 192.168.0.15 netmask 255.255.255.255 0 0
static (inside,outside) ...... 192.168.0.14 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 ...... 1
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.0.6 ...... timeout 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community ....
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
. . . . . .
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
. . . . . .
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
terminal width 80

Reply to
Ben Beechick

perhaps bug CSCdy58717

try upgrading to PIX 6.3(x)

Reply to
Merv

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.