Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cannot clear xlate entry

I removed a static nat entry. I cleared the xlate table - within seconds the static translation for the entry I had just removed was back.

The firewall did not remove the entry from the translation table

Despite the fact that there is a command 'clear xlate' to clear the translation table which - the nat entry would only dissapear for a couple of seconds and then reappear. It was an system fault with the pix.

I tried a specific 'clear xlate <IP>' and then a global 'clear xlate' and neither worked.

This inherent fault is proven by the fact that, when rebooting the firewall, the problem dissapeared and the translation remained 'gone'. As I'm sure you'll agree it should not be necessary to reboot the firewall to get rid of an X-late entry.

Any advise or suggestions??

The pix version is 6.3.1

Thanks for your help

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Cannot clear xlate entry

Hi,

this is a known bug within 6.3.1 (bug-ID CSCea84806)

See the following link:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea84806&cco_product=PIX+Firewall&fset=&swver=6.3&keyw=&target=1&train=

Saving config and rebooting is the workaround for this bug. The problem has been resolved within 6.3.2

Kind Regards,

Leo

5 REPLIES
Gold

Re: Cannot clear xlate entry

Hi -

I'm sure you did this, but did you do clear xlate after clearing the specific entry and the saved to memory with : write memory ??

New Member

Re: Cannot clear xlate entry

No - I did this:

no static blah blah blah

sh xlate

clear xlate blah blah

clear xlate

wr mem

reload

<< ONCE REBOOTED ... GONE>>

Do you think I should have done a write mem and then checked the x-late table?

Why would it make a difference?

Gold

Re: Cannot clear xlate entry

Try, what you suggested, i.e. write memory and then clear xlate and see what happens.

Silver

Re: Cannot clear xlate entry

Hi,

this is a known bug within 6.3.1 (bug-ID CSCea84806)

See the following link:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea84806&cco_product=PIX+Firewall&fset=&swver=6.3&keyw=&target=1&train=

Saving config and rebooting is the workaround for this bug. The problem has been resolved within 6.3.2

Kind Regards,

Leo

New Member

Re: Cannot clear xlate entry

Thank you.

279
Views
0
Helpful
5
Replies