Problem with Xlate table.

I have a Pix 515 firewall and all of the sudden I am having trouble with servers that are in my DMZ.  I use What is up Gold to monitor the servers in the DMZ. The problem that I am having is that I will get error message stating that the monitoring server cannot connect to the servers in the DMZ.  One of the server is Web server.  When I get this error I have trouble connecting to web sites on the server.  The problem is corrected when I log onto the Pix and clear the xlate table.  I have verion 6.3(3) OS installed on the pix.  I do not have a maintenacne contract on the pix so I assume that I cannot get a newer OS version. I am not an expert with Cisco equipment so any help I can get in solving this problem would be appreciated.
LVL 1
adsnetcurveAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

batry_boyCommented:
If you do a "sh xlate" command from the CLI, how many translations show up?  Also, what is the xlate timeout value in your config?  It will be listed as:

timeout xlate 3:00:00

The example above has a xlate timeout value of 3 hours.

If you have a lot of translations building up in your xlate table, then you may be able to implement a workaround by dropping the value down to a lower value, say 30 minutes:

timeout xlate 0:30:00

However, I would try to find out the ultimate cause of the large amount of translations if this is happening.
0
adsnetcurveAuthor Commented:
OK I did a sh xlate and I had 117 entries with a max of 153.  My time out is set to three hours.  Would you recommend shortening that time?  Also what iis the effect of that be on the pix?  I assume I will have less entires in my xlate table, but will I experience any other problems due to the shorten timeout value?
0
batry_boyCommented:
>>Would you recommend shortening that time?

117 entries should not be causing any performance issues on your PIX.  It doesn't look like you need to reduce that timeout value right now.  If it were in the thousands, then I would be concerned, but 117 is not anything to worry about.

Post your sanitized configuration so we can see if there is anything in there that could be causing the behavior you are seeing...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
adsnetcurveAuthor Commented:
I appreciate you help.  The problem seems to have resolved itself
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.