IOS equivalent to sh conn and sh xlate in PIX

Answered Question
Oct 18th, 2007

Hey chaps and chapettes.

As the title states, what's the command to track connections through an IOS 12.4 Router with Zone Based Firewalling enabled?

I'm used to getting good output from sh conn and sh xlate on my ASA but I've never tried to do the same thing within IOS.

Help very much appreciated.

Regards

Paul.

Correct Answer
Collin Clark Thu, 10/18/2007 - 05:25

Paul-

I have not had a chance to play with zone based firewalling yet, but can't wait. I'm assuming that the translations will be the same as using normal interfaces.

show xlate = show ip nat translations

show conn = show ip nat translations verbose

HTH and please rate.
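
Added example, not part of the original thread and not Cisco tooling: a Python parser for the non-verbose "show ip nat translations" table that splits it into an xlate-style view and a conn-style view, following the mapping given in the answer above. The sample output is constructed (documentation-range addresses) and all function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample of non-verbose `show ip nat translations` output.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.5:1025   10.1.1.10:1025     198.51.100.20:80   198.51.100.20:80
tcp 203.0.113.5:1026   10.1.1.10:1026     198.51.100.21:443  198.51.100.21:443
udp 203.0.113.5:5353   10.1.1.12:5353     192.0.2.53:53      192.0.2.53:53
--- 203.0.113.6        10.1.1.11          ---                ---
"""

FIELDS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")

def _addr(endpoint):
    """Return the IP part of 'a.b.c.d[:port]', or None for '---' and non-addresses."""
    host = endpoint.split(":")[0]
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None

def parse_nat_table(text):
    """Parse the table into dicts; the header and unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 5 and _addr(cols[1]) and _addr(cols[2]):
            entries.append(dict(zip(FIELDS, cols)))
    return entries

def xlate_view(entries):
    """Address-level mappings (inside local -> inside global), as in PIX 'show xlate'."""
    return sorted({(_addr(e["inside_local"]), _addr(e["inside_global"])) for e in entries})

def conn_view(entries):
    """Entries with a known outside peer: the per-flow rows, as in PIX 'show conn'."""
    return [(e["proto"], e["inside_local"], e["outside_global"])
            for e in entries if _addr(e["outside_global"])]

def flows_per_inside_host(entries):
    """Count per-flow rows per inside host to spot unusually busy clients."""
    return Counter(_addr(local) for _, local, _ in conn_view(entries))

if __name__ == "__main__":
    table = parse_nat_table(SAMPLE)
    for local, glob in xlate_view(table):
        print(f"xlate  {local} -> {glob}")
    for proto, local, peer in conn_view(table):
        print(f"conn   {proto} {local} -> {peer}")
    print(flows_per_inside_host(table).most_common())
```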

paulkbeyer Thu, 10/18/2007 - 05:53

Ahhhh! Magic!

Thank you very much, you're a gentleman and a scholar!

Yeah the zone based firewalling makes me feel warm and fuzzy coming from a PIX background into IOS world as it's a lot more like that than classic firewalls.. Apart from the supposed performance and administrative benefits it doesn't do much else tho.. apart from WORK I guess! :O)

Thanks again buddy.

Paul.

Collin Clark Thu, 10/18/2007 - 05:56

We also use Netscreen firewalls which use zones, glad to see Cisco catching up. Glad the commands helped.
