
ASA 5520 NAT ISSUE - users losing internet connectivity

Delfino Tiongco
Level 1

Hi all,

I have a 5520 and am using Dynamic NAT. There are times that a client loses Internet connectivity though there is a public IP address NATed to the private IP. My normal solution to this is to "clear xlate". But the problem is that there is a collateral issue affecting other clients. Others also lose connectivity after I apply the command.

I just want to clear one specific IP and get another public IP re-assigned.

I tried the command "clear xlate local xxx.xxx.xxx.xxx" (private IP) but it does not work.

Any other ASA 5520 command specific to accomplish this?

Thanks in advance.

Del

4 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

"clear xlate local "

Hope this helps.

Regards,

NT

NT,

I did use "clear xlate local xxx.xxx.xxx.xxx". It did not work.

Del

Nagaraja Thanthry
Cisco Employee

Hello,

Does that host have static translation or dynamic? If it is dynamic, it has to clear the translations. Can you check the translations before and after the clearing? It could be that as soon as you clear the translations, the client tries to build new connections and the entries show up again.

Also, you could clear the local-host table entry for that host to see if that fixes the issue. If you are still having issues (after clearing NAT/Local-host), then change the timeout values on the firewall. Typically the idle timeout is set to 1 hour or more. Change that to a lower value and see if that helps.

Regards,

NT
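The sequence suggested in the reply above, written out as ASA CLI commands. This is an added example, not part of the original posts; the address 192.168.1.50 and the 30-minute timeout are placeholder values chosen for illustration.

```cisco
! Added example: 192.168.1.50 is a placeholder for the affected inside host.

! 1. Record the host's translation and local-host state before changing anything.
show xlate local 192.168.1.50
show local-host 192.168.1.50

! 2. Clear only this host's translation, then re-check immediately.
!    If an entry is already back, the client rebuilt it with new traffic.
clear xlate local 192.168.1.50
show xlate local 192.168.1.50

! 3. If the host still has no connectivity, clear its local-host entry.
!    This drops that host's connections and translations, not other hosts'.
clear local-host 192.168.1.50
show local-host 192.168.1.50

! 4. Review the idle timeouts currently configured on the firewall.
show running-config timeout

! 5. Lower the translation idle timeout (hh:mm:ss). 0:30:00 is an example value.
configure terminal
 timeout xlate 0:30:00
 end

! 6. Confirm the new value is in the running configuration.
show running-config timeout
```

Comparing the output of steps 1 and 2 shows whether the per-host clear removed the entry or whether the client recreated it straight away.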

NT,

Good point, I will try to wait next time to see if the translation clears after I issue a "clear xlate local". I will ask the user to connect again to see if he gets connectivity to the Internet.

I also changed the default timeout for translation to a shorter time.

I will not know if I am successful until the next incident.

Thanks for the help and info.

Del
