07-15-2010 08:02 AM - edited 03-11-2019 11:12 AM
Hi all,
I have a 5520 and am using Dynamic NAT. There are times that a client loses Internet connectivity even though there is a public IP address NATed to the private IP. My normal solution to this is to "clear xlate". But the problem is that there is a collateral issue affecting other clients. Others also lose connectivity after I apply the command.
I just want to clear one specific IP and have it re-assigned another public IP.
I tried the command "clear xlate local xxx.xxx.xxx.xxx" (private IP) but it does not work.
Is there any other ASA 5520 command specific to accomplishing this?
Thanks in advance.
Del
07-15-2010 08:27 AM
Hello,
"clear xlate local "
Hope this helps.
Regards,
NT
07-15-2010 09:25 AM
NT,
I did use "clear xlate local xxx.xxx.xxx.xxx". It did not work.
Del
07-15-2010 10:08 AM
Hello,
Does that host have static translation or dynamic? If it is dynamic, it has
to clear the translations. Can you check the translations before and after
the clearing? It could be that as soon as you clear the translations, the
client tries to build new connections and the entries show up again.
Also, you could clear the local-host table entry for that host to see if
that fixes the issue. If you are still having issues (after clearing
NAT/Local-host), then change the timeout values on the firewall. Typically
the idle timeout is set to 1 hour or more. Change that to a lower value and
see if that helps.
Regards,
NT
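The checks suggested in the reply above, written out as an ASA CLI sequence (an added example, not part of the original posts). The address 10.1.1.50 is a constructed private IP and the 30-minute xlate timeout is an assumed value, not one given in the thread.

```text
! 1. Record the current translation and host state for the one client
show xlate local 10.1.1.50
show local-host 10.1.1.50

! 2. Clear only that client's translation, leaving other hosts untouched
clear xlate local 10.1.1.50

! 3. Check again right away: if the entry is back, the client has
!    already opened new connections and been given a fresh translation
show xlate local 10.1.1.50

! 4. If the problem persists, drop the local-host entry as well
!    (this also removes the connections and xlates tied to that host)
clear local-host 10.1.1.50

! 5. Shorten the idle timeout for translations (global configuration mode)
configure terminal
timeout xlate 0:30:00
end
show running-config timeout
```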
07-15-2010 10:42 AM
NT,
Good point, I will try to wait next time to see if the translation clears after I issue a "clear xlate local". I will ask the user to connect again to see if he gets connectivity to the Internet.
I also changed the default timeout for translation to a shorter time.
I will not know if I am successful until the next incident.
Thanks for the help and info.
Del