I have a 5520 and am using Dynamic NAT. There are times when a client loses Internet connectivity even though there is a public IP address NATed to the private IP. My normal solution to this is to "clear xlate". But the problem is that there is a collateral issue affecting other clients. Others also lose connectivity after I apply the command.
I just want to clear one specific IP and have it re-assigned another public IP.
I tried the command "clear xlate local xxx.xxx.xxx.xxx" (private IP), but it does not work.
Is there any other ASA 5520 command specifically to accomplish this?
Thanks in advance.
Does that host have static translation or dynamic? If it is dynamic, it has
to clear the translations. Can you check the translations before and after
the clearing? It could be that as soon as you clear the translations, the
client tries to build new connections and the entries show up again.
Also, you could clear the local-host table entry for that host to see if
that fixes the issue. If you are still having issues (after clearing
NAT/Local-host), then change the timeout values on the firewall. Typically
the idle timeout is set to 1 hour or more. Change that to a lower value and
see if that helps.
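
The checks suggested in the reply above, written out as ASA CLI commands. This is an added example, not part of the original thread; 10.1.1.50 is a constructed private address and the timeout value is illustrative only.

```cisco
! Added example. 10.1.1.50 is a constructed inside host address.

! 1. Record the current translation and local-host state for this one host.
ciscoasa# show xlate local 10.1.1.50
ciscoasa# show local-host 10.1.1.50

! 2. Clear only this host's translation, then check again. If an entry is
!    back straight away, the client has already opened new connections and
!    rebuilt it, so compare the mapped address before and after.
ciscoasa# clear xlate local 10.1.1.50
ciscoasa# show xlate local 10.1.1.50

! 3. If the host is still stuck, drop its local-host entry. This tears down
!    the connections and translations of this host only.
ciscoasa# clear local-host 10.1.1.50
ciscoasa# show local-host 10.1.1.50

! 4. Still failing: review the configured idle timeouts and lower the
!    translation timeout (value below is an assumption, pick your own).
ciscoasa# show running-config timeout
ciscoasa# configure terminal
ciscoasa(config)# timeout xlate 0:30:00
ciscoasa(config)# end
```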