Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
1
Replies

clear xlate

aksher
Level 1
Level 1

‎08-02-2006 10:59 PM - edited ‎03-09-2019 03:48 PM

after finishing off with the nat statements we give clear xlate command

but where as for conn we dont give clear conn. when initiating a connection and if we see it on firewall using sh conn we can see the conn details but to see this nat info using sh xlate it takes 3 hrs by default or we can see it only if clear xlate is given..is it correct?

Labels:
0 Helpful
1 Reply 1

a.kiprawih
Level 7
Level 7

‎08-03-2006 04:08 AM

Hi Aksher,

The "clear xlate" command allows you to manually clear the current (live) translation table. This command is useful if you configure your NAT and want to test it immediately.

By default, the translation (xlate) table is set to remain for 3 hours (so what you see was correct) before it starts to flush/refresh again (use 'show xlate" to view this table ). You can see this in your firewall config as follow:

timeout xlate 3:00:00 --> default 3 hour

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

You can also use "clear conn" to manually flush the current connection table. Bear in mind clearing xlate or connection will flush the whole active translation & connections, but useful for testing purposes.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008042d6f9.html#wp1054048

Rgds,

AK

0 Helpful
Customers Also Viewed These Support Documents