Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Automate command execution in ASA-5520

Dear All,

I have Cisco ASA 5520 running in my setup and want to execute "clear xlate" command at every 1 hr interval. Can anybody help me to automate the same like cronjob in linux.

Thanks in advance for your kind support.

Community Member

Automate command execution in ASA-5520

You could use the call-home feature to let the asa execute your commands, clear xlate would be possible.

If you want to do send the commands via cronjob, use expect-scripts. There are many examples on the net how to use them.

But why do you want to clear the translations hourly?

Community Member

Automate command execution in ASA-5520

Thanks Frederic for your reply.

I have gone through Call Home setup commands but not able to get exact steps to follow "clear xlate" command as most of the examples of Call Home is to send traps or alert of some specific output.

Can you please provide steps to configure my requirement...

I want to clear translations hourly becuase one of my customer face issue to access servers (placed b/h ASA - Mapped IP -- Public IP) from outside and getting 1289 error on port 80. I have checked NAT configuration and also re-configuring NAT configuration for that IP with same result.

At the same time that client has other 9 servers for which we have done same NATing. But he is not facing any issue in that.

My problem is I can not change private IP as well as public IP in NAT.

Please guide me if you have any other option to resolve this permenently.

Community Member

Automate command execution in ASA-5520

To clear the xlate via call-home, use the snapshot feature:



        alert-group-config snapshot-clear-xlate

          add-command "clear xlate + conditions"

        profile snapshot-profile

          destination transport-method email

          destination address email "your-email"

          subscribe-to-alert-group snapshot periodic hourly 01

This would send the command you define in the snapshot and send you the output via email.

You can configure this quite easy with asdm, just add a subscription-profile and add snapshot with your timeranges.

Under Advanced System Setup just add the commands wich should be sent.

I dont really understand the problem with your translation.

Can you post the nat-statements and syslog-messages when the problem with the connections appear?

Community Member

Automate command execution in ASA-5520

Hi Praful Soni,

first of all: you are giving too much information about your configuration to public, i would recommend to edit your post and delete at least all crypto settings and user information. Further, it would´nt be wrong to update the asa to a newer version.

Is it correct, that you want to clear one of your static mappings?

The "clear xlate" command will not affect static nat entrys - only dynamic entrys.

Community Member

Re: Automate command execution in ASA-5520

thanks for your suggestion.

Community Member

Re: Automate command execution in ASA-5520

Yes. frederic.

But i observed that after running "clear xlate" command problem is getting resolved.

Please let me know information you require to troubleshoot further as I am expecting this issue to come in 2-3 hours.

Now everything running fine.

CreatePlease to create content