We help IT Professionals succeed at work.
Get Started

Cisco PIX 515 building invalid translation for internal IP.

smartine
smartine asked
on
8,796 Views
Last Modified: 2013-11-16
I have configured a Cisco PIX 515 with multiple interfaces / DMZs and all connections, traffic, etc. works well for hours, sometimes days. There is also a Cisco CSS 11050 that has multiple circuits, one for a presence in each DMZ. In one example there is VIP that exists in a DMZ called cert1 and external access is permitted to this VIP. All traffic reaches this VIP, it redirects to the real servers, and everything works well. Every so often (at least once a day now) this VIP becomes unreachable. If I look at the xlate that exists for this VIP it turns out to be invalid.

For example, when everything is working the NAT translation looks like this:

NAT from cert1:ccssbc to outside:ccssbc flags s

When it fails it looks like this:

NAT from support1:ccssbc to outside:ccssbc flags I

Note that the VIP thinks it exists on the support1 interface which causes all traffic to fail. Clearing the xlate for this NAT causes everything to work fine. Cisco isn't quite sure what it may be, they think it may be a bug.

Any ideas?

Thanks!

-Samson
Comment
Watch Question
Commented:
This problem has been solved!
Unlock 1 Answer and 24 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE