Problem with Xlate table.

I have a Pix 515 firewall and all of the sudden I am having trouble with servers that are in my DMZ.  I use What is up Gold to monitor the servers in the DMZ. The problem that I am having is that I will get error message stating that the monitoring server cannot connect to the servers in the DMZ.  One of the server is Web server.  When I get this error I have trouble connecting to web sites on the server.  The problem is corrected when I log onto the Pix and clear the xlate table.  I have verion 6.3(3) OS installed on the pix.  I do not have a maintenacne contract on the pix so I assume that I cannot get a newer OS version. I am not an expert with Cisco equipment so any help I can get in solving this problem would be appreciated.
LVL 1
adsnetcurveAsked:
Who is Participating?
 
batry_boyConnect With a Mentor Commented:
>>Would you recommend shortening that time?

117 entries should not be causing any performance issues on your PIX.  It doesn't look like you need to reduce that timeout value right now.  If it were in the thousands, then I would be concerned, but 117 is not anything to worry about.

Post your sanitized configuration so we can see if there is anything in there that could be causing the behavior you are seeing...
0
 
batry_boyCommented:
If you do a "sh xlate" command from the CLI, how many translations show up?  Also, what is the xlate timeout value in your config?  It will be listed as:

timeout xlate 3:00:00

The example above has a xlate timeout value of 3 hours.

If you have a lot of translations building up in your xlate table, then you may be able to implement a workaround by dropping the value down to a lower value, say 30 minutes:

timeout xlate 0:30:00

However, I would try to find out the ultimate cause of the large amount of translations if this is happening.
0
 
adsnetcurveAuthor Commented:
OK I did a sh xlate and I had 117 entries with a max of 153.  My time out is set to three hours.  Would you recommend shortening that time?  Also what iis the effect of that be on the pix?  I assume I will have less entires in my xlate table, but will I experience any other problems due to the shorten timeout value?
0
 
adsnetcurveAuthor Commented:
I appreciate you help.  The problem seems to have resolved itself
0
All Courses

From novice to tech pro — start learning today.