Saturday, April 4, 2020

Cisco ASA Firewall clear xlate Command

When you change the route and NAT policy on the ASA firewall, you'll sometimes need to forcefully clear the NAT table using the clear xlate command. This will re-establish the connection on the remote firewall or a VPN device where the remote admin is unavailable or doesn't want to reboot or clear their device.

ciscoasa# show conn | inc 192.168.26.2  
<BLANK>

ciscoasa# clear xlate ?  

  debug      Enter this keyword for debug information
  detail     Enter this keyword for detailed information
  global     Enter this keyword to specify global ip range
  gport      Enter this keyword to specify global port(s)
  interface  Enter this keyword to specify an interface
  local      Enter this keyword to specify local ip range
  lport      Enter this keyword to specify local port(s)
  state      Enter this keyword to specify state
  <cr>

ciscoasa# clear xlate global 200.11.10.5 local 192.168.26.2

ciscoasa# show conn | inc 192.168.26.2
TCP outside 123.21.13.11:50810 CUSTOMER 192.168.26.2:445, idle 0:00:04, bytes 0, flags SaAB
TCP outside 185.176.2.10:40872 CUSTOMER 192.168.26.2:33392, idle 0:00:05, bytes 0, flags SaAB
TCP outside 185.176.2.2:59627 CUSTOMER 192.168.26.2:3375, idle 0:00:22, bytes 0, flags SaAB
UDP outside 128.223.5.10:61677 CUSTOMER 192.168.26.2:33523, idle 0:01:19, bytes 0, flags -

<OUTPUT TRUNCATED>

No comments:

Post a Comment