Solved: IOS equivalent to sh conn and sh xlate in PIX

paulkbeyer · ‎10-18-2007

Hey chaps and chapettes.

As the title states, what's the command to track connections through an IOS 12.4 Router with Zone Based Firewalling enabled?

I'm used to getting good output from sh conn and sh xlate on my ASA but I've never tried to do the same thing within IOS.

Help very much appreciated.

Regards

Paul.

Collin Clark · ‎10-18-2007

Paul-

I have not had a chance to play with zone based firewalling yet, but can't wait. I'm assuming that the translations will be the same as using normal interfaces.

show xlate = show ip nat translations

show conn = show ip nat translations verbose

HTH and please rate.

View solution in original post

Collin Clark · ‎10-18-2007

Paul-

I have not had a chance to play with zone based firewalling yet, but can't wait. I'm assuming that the translations will be the same as using normal interfaces.

show xlate = show ip nat translations

show conn = show ip nat translations verbose

HTH and please rate.

paulkbeyer · ‎10-18-2007

Ahhhh! Magic!

Thank you very much, you're a gentleman and a scholar!

Yeah the zone based firewalling makes me feel warm and fuzzy coming from a PIX background into IOS world as it's alot more like that than classic firewalls.. Apart from the supposed performance and administrative benefits it doesn't do much else tho.. apart from WORK I guess! :O)

Thanks again buddy.

Paul.

Collin Clark · ‎10-18-2007

We also use Netscreen firewalls which use zones,glad to see Cisco catching up. Glad the commands helped.