|
Posted by CK on November 13, 2006, 1:16 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Do you have IP reverse path verify enable for IP Spoofing on both the
interfaces.
What is the idle time for minimum XLATE translation?
CK
Yuriy wrote:
> Hi,
>
> Thank you for your reply.
> Unfortunately not. Company policy does not allow me to do so.
> But I would appreciate any clues you have.
>
> Regards,
> Yuriy.
>
> CK wrote:
>
> > Can you post PIX config ??
> >
> >
> > Yuriy wrote:
> > > Hi,
> > >
> > > I wonder is someone seeing something similar before.
> > > I'm experiencing very strange problem but first briefly about
> > > configuration.
> > > I got PIX 515E v7.0(2) on the front and ISA Server and a couple of
> > > other computers on DMZ zone.
> > > So after some time of using internet trough ISA server, users loosing
> > > ability to browse, there is no incoming SMTP messages as well, but
> > > other computes on DMZ can access internet with no problem.
> > > Usually simple restart of firewall will fix it.
> > > Once i check translation state show xlate and it displays around 300 of
> > > PAT translation to ISA server. I'm not sure if this is normal but after
> > > running clear xlate, clients starts browsing internet again.
> > >
> > > What is happening?
> > > Any ideal will be appreciated.
> > >
> > > Regards,
> > > Yuriy.
| 
XML site map