Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Clear xlate on an ASA?

So i'm finally migrating my PIX 520 to an ASA. My platform was too old to qualify for the upgrade tool so i'm training myself on the gui as i manually migrate my config over.

We used to do clear translations on the pix between inside and the dmz. is there an equivalent on the ASA? Is that the translation exemption rule?

JM

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Clear xlate on an ASA?

It's still accomplished with the static statement. You can do it in the GUI, but if you are comfortable with using the CLI, I would do it that way.

7 REPLIES
New Member

Re: Clear xlate on an ASA?

Clear xlate will clear the all the translations. If you want to be more specific, you can do a clear xlate interface

New Member

Re: Clear xlate on an ASA?

I'm not talking about clearing the translations, but a "clear translation"...for example:

static (inside,DMZ) 10.1.25.0 10.1.25.0 netmask 255.255.255.0 0 0

The goal of this is to not have to do real NAT translations between the DMZ and the inside.

Hope that makes more sense.

New Member

Re: Clear xlate on an ASA?

Gotcha. The clear xlate in your title is what threw me off.

At any rate, you still have to do that on the ASA.

Silver

Re: Clear xlate on an ASA?

That's NOT correct. The answer is, like everything else in life, "it depends".

Let say you just use the ASA just like a router. In other words, there is no NAT between inside and outside and inside and dmz, your first option is this:

no nat-control (which is enabled by default on the ASA or Pix 7.x anyway

However, if you have something like this:

nat (inside) 1 0 0

global (outside) 1 interface

When you do this, you will immediately revert the ASA code, in term of NAT, back to the 6.3.x code. Therefore, if you want to go from inside to dmz, then what deyster94 stated is correct.

Confusing, isn't it?

New Member

Re: Clear xlate on an ASA?

Ok, well i still want my natting from Inside->Outisde and DMZ->Outside.

I'm looking for clear translations between the Inside->DMZ and i still want the firewalling in place Inside=100 DMZ=50.

Is this still accomplished with the static statements or is there a new way? the whole reason i ask is i'm using the GUI and don't see the way to do it. Unless i just feed it in Configuration->Nat->Add Address Translation Rule and pick "same address"?

New Member

Re: Clear xlate on an ASA?

It's still accomplished with the static statement. You can do it in the GUI, but if you are comfortable with using the CLI, I would do it that way.

New Member

Re: Clear xlate on an ASA?

yeah, i'm a command line guy at heart, but last time i tried an import from a newer pix into an ASA there were lines in CLI that i could never find displayed in ADSM. Now either I just could never find where they were displayed, or not all the commands were supported in ADSM yet.

either way, it made me a little hesitant in switching back and forth between CLI and the GUI. Since i've got to let others touch this firewall, we're going GUI :)

Thanks for the info!

6962
Views
5
Helpful
7
Replies