We are observing the following two issues with our ASA 5540 firewall.
`clear xlate local` is not evacuating the connections established with that local IP. The translation is cleared, but it is not able to track the corresponding connections and clear the statement, even after switching off the local machine. Very frequently, random users face connectivity issues, and this makes troubleshooting any connectivity issue more complex.
With the same nat/global statement, connections are established to the same destination. Suddenly a few hosts lose the connection and are not able to establish it again. On verification we observed that hit counts increase on the access-list and the connection/xlate statements are available, but the connection is not established. The connection status is saA, but a similar access-list in the same nat/global host is able to establish connections. We are getting this kind of issue randomly.