pix config fun

A friend asked me yesterday about an odd config issue he was running in to while working on a PIX. He had removed all of the statics and access-lists, but it was still allowing traffic in. Right away this light a bulb in my head, as the PIX like any NAT/PAT device does connection tracking. That list may live on even after the static or access-list has been removed. So check your xlates when things aren't working how the config specifies. In addition if possible always clear xlates and clear local when making major changes to your config.

I'm playing around with a 3550 before putting it into service, it seems to be a good bit more complex than my 2950. We'll see if I can make it do anything interesting.