When you change the route and NAT policy on an ASA firewall, you will sometimes need to forcibly clear the NAT translation (xlate) table with the clear xlate command. Clearing it lets the connection re-establish with a remote firewall or VPN device when the remote admin is unavailable or doesn't want to reboot or clear their device.
ciscoasa# show conn | inc 192.168.26.2
<BLANK>
ciscoasa# clear xlate ?
debug Enter this keyword for debug information
detail Enter this keyword for detailed information
global Enter this keyword to specify global ip range
gport Enter this keyword to specify global port(s)
interface Enter this keyword to specify an interface
local Enter this keyword to specify local ip range
lport Enter this keyword to specify local port(s)
state Enter this keyword to specify state
<cr>
ciscoasa# clear xlate global 200.11.10.5 local 192.168.26.2
ciscoasa# show conn | inc 192.168.26.2
TCP outside 123.21.13.11:50810 CUSTOMER 192.168.26.2:445, idle 0:00:04, bytes 0, flags SaAB
TCP outside 185.176.2.10:40872 CUSTOMER 192.168.26.2:33392, idle 0:00:05, bytes 0, flags SaAB
TCP outside 185.176.2.2:59627 CUSTOMER 192.168.26.2:3375, idle 0:00:22, bytes 0, flags SaAB
UDP outside 128.223.5.10:61677 CUSTOMER 192.168.26.2:33523, idle 0:01:19, bytes 0, flags -
<OUTPUT TRUNCATED>
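To check that traffic for the host is actually established after clear xlate, and not only that entries have reappeared, the show conn output from the session above can be parsed offline. This is an added example, not part of the original post; it assumes the line layout shown above and that a U in the flags field marks an established (up) TCP connection, and the last sample line is constructed.

```python
import re
from collections import Counter

# Line layout as it appears in the `show conn` output on this page.
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),\s+idle\s+(?P<idle>[\d:]+),"
    r"\s+bytes\s+(?P<bytes>\d+),\s+flags\s+(?P<flags>\S+)$"
)

def parse_conns(text):
    """Return one dict per connection line; prompts and markers are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            c = m.groupdict()
            c["bytes"] = int(c["bytes"])
            conns.append(c)
    return conns

def state(conn):
    """Assumption: 'U' in the flags field marks an established (up) TCP connection."""
    if conn["proto"] != "TCP":
        return "udp"
    return "up" if "U" in conn["flags"] else "embryonic"

def summarize(text, host):
    """Count connection states for entries that involve `host` on either side."""
    counts = Counter()
    for c in parse_conns(text):
        if host in (c["ip_a"], c["ip_b"]):
            counts[state(c)] += 1
    return dict(counts)

# The first four connection lines are the page's output; the last one is constructed.
SAMPLE = """\
ciscoasa# show conn | inc 192.168.26.2
TCP outside 123.21.13.11:50810 CUSTOMER 192.168.26.2:445, idle 0:00:04, bytes 0, flags SaAB
TCP outside 185.176.2.10:40872 CUSTOMER 192.168.26.2:33392, idle 0:00:05, bytes 0, flags SaAB
TCP outside 185.176.2.2:59627 CUSTOMER 192.168.26.2:3375, idle 0:00:22, bytes 0, flags SaAB
UDP outside 128.223.5.10:61677 CUSTOMER 192.168.26.2:33523, idle 0:01:19, bytes 0, flags -
TCP outside 198.51.100.7:443 CUSTOMER 192.168.26.2:51514, idle 0:00:01, bytes 18342, flags UIO
<OUTPUT TRUNCATED>
"""

if __name__ == "__main__":
    print(summarize(SAMPLE, "192.168.26.2"))
```

The host comparison here is exact, whereas `| inc 192.168.26.2` is a pattern match on the whole line and would also show entries for addresses such as 192.168.26.20.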