I have found PIX boxes to be lossy.  I never figured out the problem
precisely (my computers, but not my firewall), but basically it seemed
like state entries were lost from time to time.  I suspected that some
limit on total number of entries was being exceeded.  The problem was
removed by changing my host's IP addresses to be "not filtered" (being
NetBSD rather than Windows, they didn't need this "help").


I would set up tcpdump to capture traffic on an overnight run both on
your server and on a client that fails.   Then figure out what the
firewall did wrong, or if it's something else.




-- 
        Greg Troxel <gdt AT ir.bbn DOT com>