Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Nat and pix config (http://www.velocityreviews.com/forums/t299766-nat-and-pix-config.html)

rhltechie@gmail.com 06-15-2006 07:45 PM

Nat and pix config
 
Hi All,


I recently deleted one of my nat statements because i needed to change
the address the inside was being natted to. well i removed the old and
added a new. i see it in the running config. but when i ping from the
outside world, the old address still answers and the new one does not.
what could i be missing? i had to do this while the internal server
was still up and running, could it be holding on to that public ip
until i reboot both the pix and the server?

TIA,

R


tghaas@gmail.com 06-15-2006 08:02 PM

Re: Nat and pix config
 
You will have to do a "clear xlate global x.x.x.x" to clear the old
nat.

You should be able to see the current translations by doing a "sho
xlate"

TGH

rhltechie@gmail.com wrote:
> Hi All,
>
>
> I recently deleted one of my nat statements because i needed to change
> the address the inside was being natted to. well i removed the old and
> added a new. i see it in the running config. but when i ping from the
> outside world, the old address still answers and the new one does not.
> what could i be missing? i had to do this while the internal server
> was still up and running, could it be holding on to that public ip
> until i reboot both the pix and the server?
>
> TIA,
>
> R



mcaissie 06-15-2006 08:04 PM

Re: Nat and pix config
 
Deleting the translation rule does not delete the translation itself .

To do so , do a "clear xlate" . You can see the existing translation
with "sh xlate".

As soon as the xlate for your inside IP is deleted it will create a new
one
using your new rule . No reboot is needed.

Be carefull , if you do a "clear xlate" without specification you will
clear all xlates , and
will disconnect all existing sessions , wich may be (or may be not )
critical, depending on the
nature of services provided through your PIX.


clear xlate [global | local ip1[-ip2] [netmask mask]] lport | gport
port[-port]]
[interface if1[,if2][,ifn]] [state static [,dump] [,portmap] [,norandomseq]
[,identity]]

show xlate [detail] [global | local ip1 [-ip2] [netmask mask]] lport | gport
port [-port]]
[interface if1 [,if2] [,ifn]] [state static [,dump] [,portmap]
[,norandomseq] [,identity]] [debug] [count]









<rhltechie@gmail.com> wrote in message
news:1150400750.593558.77070@c74g2000cwc.googlegro ups.com...
> Hi All,
>
>
> I recently deleted one of my nat statements because i needed to change
> the address the inside was being natted to. well i removed the old and
> added a new. i see it in the running config. but when i ping from the
> outside world, the old address still answers and the new one does not.
> what could i be missing? i had to do this while the internal server
> was still up and running, could it be holding on to that public ip
> until i reboot both the pix and the server?
>
> TIA,
>
> R
>




rhltechie@gmail.com 06-15-2006 08:23 PM

Re: Nat and pix config
 
Thanks so much! everything is ok now.


mcaissie wrote:
> Deleting the translation rule does not delete the translation itself .
>
> To do so , do a "clear xlate" . You can see the existing translation
> with "sh xlate".
>
> As soon as the xlate for your inside IP is deleted it will create a new
> one
> using your new rule . No reboot is needed.
>
> Be carefull , if you do a "clear xlate" without specification you will
> clear all xlates , and
> will disconnect all existing sessions , wich may be (or may be not )
> critical, depending on the
> nature of services provided through your PIX.
>
>
> clear xlate [global | local ip1[-ip2] [netmask mask]] lport | gport
> port[-port]]
> [interface if1[,if2][,ifn]] [state static [,dump] [,portmap] [,norandomseq]
> [,identity]]
>
> show xlate [detail] [global | local ip1 [-ip2] [netmask mask]] lport | gport
> port [-port]]
> [interface if1 [,if2] [,ifn]] [state static [,dump] [,portmap]
> [,norandomseq] [,identity]] [debug] [count]
>
>
>
>
>
>
>
>
>
> <rhltechie@gmail.com> wrote in message
> news:1150400750.593558.77070@c74g2000cwc.googlegro ups.com...
> > Hi All,
> >
> >
> > I recently deleted one of my nat statements because i needed to change
> > the address the inside was being natted to. well i removed the old and
> > added a new. i see it in the running config. but when i ping from the
> > outside world, the old address still answers and the new one does not.
> > what could i be missing? i had to do this while the internal server
> > was still up and running, could it be holding on to that public ip
> > until i reboot both the pix and the server?
> >
> > TIA,
> >
> > R
> >




All times are GMT. The time now is 12:56 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.