Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Xlate and connection on seperate interface

outside = 10.10.10.1 /24

inside = 172.16.0.1 /24

Dmz = 192.168.0.1 /24

nat (inside) 0 0.0.0.0 0.0.0.0

If i have a connection established from an inside host (172.16.0.100) to an outside server (10.10.10.50) will i need to issue the clear xlate command if i then add a DMZ no nat rule and i want to connect to the same outside server from the dmz

nat (dmz) 0 0.0.0.0 0.0.0.0

The reason i ask is that I am unable to issue the "clear xlate" command due to change management controls.

3 REPLIES
jim
New Member

Re: Xlate and connection on seperate interface

You should be able to just clear xlate for that host entry instead of a global clear xlate command. This would avoid an interupt in service for the rest of your network hosts.

Re: Xlate and connection on seperate interface

Hello neil,

Do the DMz hosts, already existing on the network with some statics or nat before??? If this is a new configuration or interface, i believe, u dont need to do a clear xlate, as there are will be no translations for the clients on the DMZ.. nat 0 from inside will be on the nat table, but will not clash on the nat table created by the DMZ hosts....

If nat entry already exists, you have to do a clear xlate and as told by fellow netpro engineer, u can do it with a particular host.. no other go !!

Hope this helps.. all the best..

Raj

New Member

Re: Xlate and connection on seperate interface

there is no need to do clear xlate. In the first case you connect from an inside host, in the second from the DMZ. There are separate xlate slots.

143
Views
4
Helpful
3
Replies
CreatePlease login to create content