IOS equivalent to sh conn and sh xlate in PIX

Answered Question
Oct 18th, 2007

Hey chaps and chapettes.


As the title states, what's the command to track connections through an IOS 12.4 Router with Zone Based Firewalling enabled?


I'm used to getting good output from sh conn and sh xlate on my ASA but I've never tried to do the same thing within IOS.

Help very much appreciated.


Regards


Paul.

Correct Answer
Collin Clark Thu, 10/18/2007 - 05:25

Paul-


I have not had a chance to play with zone based firewalling yet, but can't wait. I'm assuming that the translations will be the same as using normal interfaces.


show xlate = show ip nat translations

show conn = show ip nat translations verbose


HTH and please rate.

paulkbeyer Thu, 10/18/2007 - 05:53

Ahhhh! Magic!


Thank you very much, you're a gentleman and a scholar!


Yeah the zone based firewalling makes me feel warm and fuzzy coming from a PIX background into IOS world as it's a lot more like that than classic firewalls.. Apart from the supposed performance and administrative benefits it doesn't do much else tho.. apart from WORK I guess! :O)


Thanks again buddy.


Paul.

Collin Clark Thu, 10/18/2007 - 05:56

We also use Netscreen firewalls which use zones, glad to see Cisco catching up. Glad the commands helped.
