Cisco Support Community
New Member

conn vs xlate

Is conn always dependent on xlate? That is, as long as conn is there, xlate will be there?

5 REPLIES

Re: conn vs xlate

Hi,

Conn exists when there is a communication (via xlate) established between hosts from different firewall segments. This is possible/permitted via address translation configuration.

Use 'show xlate' to view address translation session/table.

One xlate session allows more than one connection (conn) to establish.

Conn will be there as long as address translation (or xlate) exists. This is why when you issue 'clear xlate' command, all connections will be terminated.

When you issue 'show conn' command, you might see more than one connection is established between two hosts (depending on services allowed).

Rgds,

AK

New Member

Re: conn vs xlate

5 used, 10 most used means

5 are currently translated and 10 already translated?

Re: conn vs xlate

It does not refer to address translation but to connections established after address translation is permitted by the firewall.

5 used = current connections

10 most used = maximum connections ever recorded

E.g. if at a certain time the maximum conn is 100, then when you issue the 'show conn' command and you have 20 active connections, you'll see something like "20 used, 100 most used".

BTW, the 'conn' refers to TCP connection only.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008042c8b7.html#wp1026157

Rgds,

AK

New Member

Re: conn vs xlate

But what if this comes on sh xlate:

0 used 0 most used

but still I am able to see connections when I give sh conn

New Member

Re: conn vs xlate

Hi,

When using dynamic translation with a pool (non-overload) the 'xlate' is the pairing of an inside local address with an inside global address. Once this has been created, actual 'conn[ections]' are created for the unique inside IP/port to outside IP/port. Static translations have a permanent 'xlate' but still generate a 'conn' for each flow to/from the outside.

Look at the logs for 'xlate' versus 'connection' entries and you will see the difference.
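Added example, not part of any reply in this thread: a Python log correlation that groups "connection built" entries under the "translation built" entry for the same local/global address pair, so one xlate carrying several conns is visible at a glance. The log lines are constructed, their layout is assumed to follow PIX syslog messages 305009 and 302013, and `correlate` and `SAMPLE_LOG` are names made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines; layout assumed to follow PIX syslog messages
# 305009 (translation built) and 302013 (TCP connection built).
SAMPLE_LOG = """\
%PIX-6-305009: Built dynamic translation from inside:10.1.1.10 to outside:192.0.2.20
%PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.5/80 (198.51.100.5/80) to inside:10.1.1.10/1025 (192.0.2.20/1025)
%PIX-6-302013: Built outbound TCP connection 102 for outside:198.51.100.5/443 (198.51.100.5/443) to inside:10.1.1.10/1026 (192.0.2.20/1026)
%PIX-6-305009: Built dynamic translation from inside:10.1.1.11 to outside:192.0.2.21
%PIX-6-302013: Built inbound TCP connection 103 for outside:203.0.113.9/40000 (203.0.113.9/40000) to dmz:10.2.2.5/25 (192.0.2.30/25)
"""

XLATE_RE = re.compile(
    r"305009: Built (?P<kind>dynamic|static) translation from "
    r"\S+?:(?P<local>[\d.]+) to \S+?:(?P<glob>[\d.]+)")
CONN_RE = re.compile(
    r"302013: Built (?:inbound|outbound) TCP connection (?P<id>\d+) for "
    r"\S+?:[\d.]+/\d+ \(\S+\) to "
    r"\S+?:(?P<local>[\d.]+)/\d+ \((?P<glob>[\d.]+)/\d+\)")

def correlate(log_text):
    """Group conn IDs under the (local, global) address pair that carries them."""
    xlates = {}                  # (local, global) -> xlate kind seen in the log
    conns = defaultdict(list)    # (local, global) -> [connection ids]
    for line in log_text.splitlines():
        m = XLATE_RE.search(line)
        if m:
            xlates[(m["local"], m["glob"])] = m["kind"]
            continue
        m = CONN_RE.search(line)
        if m:
            conns[(m["local"], m["glob"])].append(int(m["id"]))
    report = {}
    for pair in set(xlates) | set(conns):
        # A conn whose address pair never logged a build event is reported as
        # "not logged", e.g. a translation that existed before the capture.
        report[pair] = {"xlate": xlates.get(pair, "not logged"),
                        "conns": conns.get(pair, [])}
    return report

if __name__ == "__main__":
    for (local, glob), info in sorted(correlate(SAMPLE_LOG).items()):
        print(f"{local} -> {glob}  xlate={info['xlate']}  conns={info['conns']}")
```
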
