New Member

ASA 5520 NAT ISSUE - users losing internet connectivity

Hi all,

I have a 5520 and am using Dynamic NAT. There are times that a client loses Internet connectivity though there is a public IP address NATed to the private IP. My normal solution to this is to "clear xlate". But the problem is that there is a collateral issue affecting other clients. Others also lose connectivity after I apply the command.

I just want to clear one specific IP and have it re-assigned another public IP.

I tried the command "clear xlate local xxx.xxx.xxx.xxx" (private IP) but it does not work.

Any other ASA 5520 command specific to accomplish this?

Thanks in advance.

Del

Cisco Employee

Re: ASA 5520 NAT ISSUE - users losing internet connectivity

Hello,

"clear xlate local "

Hope this helps.

Regards,

NT

New Member

Re: ASA 5520 NAT ISSUE - users losing internet connectivity

NT,

I did use "clear xlate local xxx.xxx.xxx.xxx". It did not work.

Del

Cisco Employee

Re: ASA 5520 NAT ISSUE - users losing internet connectivity

Hello,

Does that host have static translation or dynamic? If it is dynamic, it has to clear the translations. Can you check the translations before and after the clearing? It could be that as soon as you clear the translations, the client tries to build new connections and the entries show up again.

Also, you could clear the local-host table entry for that host to see if that fixes the issue. If you are still having issues (after clearing NAT/Local-host), then change the timeout values on the firewall. Typically the idle timeout is set to 1 hour or more. Change that to a lower value and see if that helps.

Regards,

NT
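
The checks described in the reply above, written out as an ASA CLI session. This is an added example, not part of the original thread; the host address 10.1.1.50 and the 0:30:00 timeout are constructed placeholder values.

```cisco
! Added example; 10.1.1.50 is a constructed placeholder for the affected private IP.
! 1. Record the host's translation before clearing.
ciscoasa# show xlate local 10.1.1.50
! 2. Clear only that host's translation, then check again right away.
ciscoasa# clear xlate local 10.1.1.50
ciscoasa# show xlate local 10.1.1.50
! An entry that is back at once means the client rebuilt it with new traffic.
! 3. If the host is still stuck, drop its local-host entry.
!    This tears down that host's connections and translations only.
ciscoasa# show local-host 10.1.1.50
ciscoasa# clear local-host 10.1.1.50
! 4. Review the idle timeouts, then lower the xlate timeout.
!    0:30:00 is an illustrative value, not a recommendation from the thread.
ciscoasa# show running-config timeout
ciscoasa# configure terminal
ciscoasa(config)# timeout xlate 0:30:00
```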

New Member

Re: ASA 5520 NAT ISSUE - users losing internet connectivity

NT,

Good point, I will try to wait next time to see if the translation clears after I issue a "clear xlate local". I will ask the user to connect again to see if he gets connectivity to the Internet.

I also changed the default timeout for translation to a shorter time.

I will not know if I am successful until the next incident.

Thanks for the help and info.

Del
