Re: [fw-wiz] PIX 6.1 xlate issues
- From: "kevin horvath" <kevin.horvath@xxxxxxxxx>
- Date: Wed, 3 Sep 2008 19:18:41 -0400
This sounds odd. If it was an xlate issue with it getting overwhelmed
then not just the DNS server but other devices would also have
connectivity issues. You should increase your logging level to
informational and see what the logs say when you encounter this issue.
I did have a similar issue years ago (details are kind of hazy now)
but it involved the DNS fixup. Try increasing your fixup to something
like 1024 since there shouldn't be a reason for a DNS packet to get
larger than this (fixup protocol dns maximum-length 1024) or just
disable DNS fixup altogether and see if that resolves your issue. This
was due to the connection table filling up due to Exchange making
abnormally large DNS queries.
Kevin
On Wed, Aug 20, 2008 at 2:02 AM, B Shivanthan <shivi@xxxxxxxxxxxxxx> wrote:
Hello there,
I am using a PIX 6.1 (I know it's quite old and replacement procedures
are already in place) and facing problems with xlates getting
overwhelmed. I have this firewall serving our corporate network, where I
have a proxy server, SMTP server, DNS server and about 1500 users
browsing the web through the proxy, along with other servers which I do
static NAT on.
Over time, my SMTP server loses connectivity with the DNS server (residing
outside the firewall) for name resolution and the only
remedy to this is to clear the xlate. I've set the xlate timeout to as low
as 30 mins, but the problem still persists.
Does anyone know of any resolution to this problem?
Many thanks
Regards
Shiv
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards