11-14-2007 08:15 PM - edited 03-09-2019 07:23 PM
A couple of times we have had to clear xlate for a particular machine on the FWSM.
Background:
1. Server is able to ping up to the interface IP of the FWSM.
2. Server is not able to connect on any port to other servers in other VLANs.
Appreciate your help on this.
11-20-2007 02:39 PM
There are some NAT commands that are involved in an access-list change, like NAT0ACL and policy NAT. In these 2 cases, a change in the access-lists implicitly changes the rules of the NAT, and a 'clear xlate' is required. Refer to the usage guidelines at http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/command/reference/c.html#wp1217767. Generally this can also happen when the IP addresses are not available for translation. If this is the case, you can consider implementing PAT.
12-02-2007 11:50 PM
clear xlate is normally required when there are no further IPs left for translation between private and public IP. You can reduce the refresh time. I guess by default it is 3 days.