problem with pix515/pixos 6.3 running and xlate tables

["Jerry B. Altzman" <jbaltz () altzman com>]

Hi,

I've got a problem with a pix 515E running 6.3(5) PIXos

It appears that every now and again, one of their computers on the
inside interface will lose connectivity (for no apparent reason--nothing
at log level "INFO" or above to indicate a problem) to the outside
world. I tried many things (maybe there was some bizarre entry in an ACL
I was missing, maybe one IP address was blackholed somewhere, I couldn't
tell.)

Finally, this morning, I did a

> clear xlate

and the problem vanished.

Now, manual intervention for a sporadic problem isn't a really good
thing. Is there some known issue with this train of PIXOS that causes
one translated IP (out of a group of 14-16, the others of which are OK)
to be blackholed? Some internal table overflow?

(Breaking news flash: I also just found out that the clock on the PIX
was WAAAAY off -- must never have been set or just lost its way and
there was never any NTP configuration in the box, so I have it syncing
now off of pool.ntp.org...and the time is correct now.)

Possibly pertinent info:
> xxxxpix1# show ver
>
> Cisco PIX Firewall Version 6.3(5)
> Cisco PIX Device Manager Version 3.0(0)141
>
> Compiled on Thu 04-Aug-05 21:40 by morlee
>
> xxxxpix1 up 9 days 15 hours
>
> Hardware:   PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
> Flash E28F128J3 @ 0x300, 16MB
> BIOS Flash AM29F400B @ 0xfffd8000, 32KB
>
> Encryption hardware device : VAC (IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.
> 5)
> 0: ethernet0: address is 000c.3053.xxxx, irq 10
> 1: ethernet1: address is 000c.3053.xxxx, irq 11
> 2: ethernet2: address is 00e0.b606.xxxx, irq 11
> 3: ethernet3: address is 00e0.b606.xxxx, irq 10
> 4: ethernet4: address is 00e0.b606.xxxx, irq 9
> 5: ethernet5: address is 00e0.b606.xxxx, irq 5
> Licensed Features:
> Failover:                    Enabled
> VPN-DES:                     Enabled
> VPN-3DES-AES:                Enabled
> Maximum Physical Interfaces: 6
> Maximum Interfaces:          10
> Cut-through Proxy:           Enabled
> Guards:                      Enabled
> URL-filtering:               Enabled
> Inside Hosts:                Unlimited
> Throughput:                  Unlimited
> IKE peers:                   Unlimited
>
> This PIX has an Unrestricted (UR) license.
>
> Serial Number: 8xxxxxxx9 (0x3xxxxxx7)
> Running Activation Key: 0x3dexxxxx 0x44xxxxxx 0x8xxxxxxx 0xxxxxxxxx

Thanks in advance for any help! I'll summarize to the list, if there are
sufficient responses to do so.

//jbaltz
-- 
jerry b. altzman        jbaltz () altzman com     www.jbaltz.com
thank you for contributing to the heat death of the universe.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards