Hi again,

Thank you everyone who was involved in conversation.

I have been out for a while so was not able to update this post.
However since my absence, there was no problem with firewall at all.
So upgrading IOS to 7.2(1) seems fix the problem!

Thanks everyone again for all the help you give.

Regards,
Yuriy


CK wrote:

> That seems to be OKAY
> IS there any kinds of rules running on any interface e.g. Access-list
> and what the NAt traslations on PIX.
>
>
>
> CK
>
> Yuriy wrote:
> > Hi,
> >
> > Thanks again for your help.
> > Yes, reverse path verify is enabled on both interfaces and XLATE
> > timeout is set to 3:00:00.
> >
> >
> > Regards,
> > Yuriy.
> >
> >
> >
> > CK wrote:
> >
> > > Okay i understand the confidiantiality .
> > >
> > > Do you have IP reverse path verify enable for IP Spoofing on both the
> > > interfaces.
> > > What is the idle time for minimum XLATE translation?
> > >
> > >
> > > CK
> > >
> > >
> > > Yuriy wrote:
> > > > Hi,
> > > >
> > > > Thank you for your reply.
> > > > Unfortunately not. Company policy does not allow me to do so.
> > > > But I would appreciate any clues you have.
> > > >
> > > > Regards,
> > > > Yuriy.
> > > >
> > > > CK wrote:
> > > >
> > > > > Can you post PIX config ??
> > > > >
> > > > >
> > > > > Yuriy wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I wonder is someone seeing something similar before.
> > > > > > I'm experiencing very strange problem but first briefly about
> > > > > > configuration.
> > > > > > I got PIX 515E v7.0(2) on the front and ISA Server and a couple of
> > > > > > other computers on DMZ zone.
> > > > > > So after some time of using internet trough ISA server, users loosing
> > > > > > ability to browse, there is no incoming SMTP messages as well, but
> > > > > > other computes on DMZ can access internet with no problem.
> > > > > > Usually simple restart of firewall will fix it.
> > > > > > Once i check translation state show xlate and it displays around 300 of
> > > > > > PAT translation to ISA server. I'm not sure if this is normal but after
> > > > > > running clear xlate, clients starts browsing internet again.
> > > > > >
> > > > > > What is happening?
> > > > > > Any ideal will be appreciated.
> > > > > >
> > > > > > Regards,
> > > > > > Yuriy.