Nat and pix config

Discussion in 'Cisco' started by rhltechie@gmail.com, Jun 15, 2006.

  1. Guest

    Hi All,


    I recently deleted one of my nat statements because i needed to change
    the address the inside was being natted to. well i removed the old and
    added a new. i see it in the running config. but when i ping from the
    outside world, the old address still answers and the new one does not.
    what could i be missing? i had to do this while the internal server
    was still up and running, could it be holding on to that public ip
    until i reboot both the pix and the server?

    TIA,

    R
     
    , Jun 15, 2006
    #1
    1. Advertising

  2. Guest

    You will have to do a "clear xlate global x.x.x.x" to clear the old
    nat.

    You should be able to see the current translations by doing a "sho
    xlate"

    TGH

    wrote:
    > Hi All,
    >
    >
    > I recently deleted one of my nat statements because i needed to change
    > the address the inside was being natted to. well i removed the old and
    > added a new. i see it in the running config. but when i ping from the
    > outside world, the old address still answers and the new one does not.
    > what could i be missing? i had to do this while the internal server
    > was still up and running, could it be holding on to that public ip
    > until i reboot both the pix and the server?
    >
    > TIA,
    >
    > R
     
    , Jun 15, 2006
    #2
    1. Advertising

  3. mcaissie Guest

    Deleting the translation rule does not delete the translation itself .

    To do so , do a "clear xlate" . You can see the existing translation
    with "sh xlate".

    As soon as the xlate for your inside IP is deleted it will create a new
    one
    using your new rule . No reboot is needed.

    Be carefull , if you do a "clear xlate" without specification you will
    clear all xlates , and
    will disconnect all existing sessions , wich may be (or may be not )
    critical, depending on the
    nature of services provided through your PIX.


    clear xlate [global | local ip1[-ip2] [netmask mask]] lport | gport
    port[-port]]
    [interface if1[,if2][,ifn]] [state static [,dump] [,portmap] [,norandomseq]
    [,identity]]

    show xlate [detail] [global | local ip1 [-ip2] [netmask mask]] lport | gport
    port [-port]]
    [interface if1 [,if2] [,ifn]] [state static [,dump] [,portmap]
    [,norandomseq] [,identity]] [debug] [count]









    <> wrote in message
    news:...
    > Hi All,
    >
    >
    > I recently deleted one of my nat statements because i needed to change
    > the address the inside was being natted to. well i removed the old and
    > added a new. i see it in the running config. but when i ping from the
    > outside world, the old address still answers and the new one does not.
    > what could i be missing? i had to do this while the internal server
    > was still up and running, could it be holding on to that public ip
    > until i reboot both the pix and the server?
    >
    > TIA,
    >
    > R
    >
     
    mcaissie, Jun 15, 2006
    #3
  4. Guest

    Thanks so much! everything is ok now.


    mcaissie wrote:
    > Deleting the translation rule does not delete the translation itself .
    >
    > To do so , do a "clear xlate" . You can see the existing translation
    > with "sh xlate".
    >
    > As soon as the xlate for your inside IP is deleted it will create a new
    > one
    > using your new rule . No reboot is needed.
    >
    > Be carefull , if you do a "clear xlate" without specification you will
    > clear all xlates , and
    > will disconnect all existing sessions , wich may be (or may be not )
    > critical, depending on the
    > nature of services provided through your PIX.
    >
    >
    > clear xlate [global | local ip1[-ip2] [netmask mask]] lport | gport
    > port[-port]]
    > [interface if1[,if2][,ifn]] [state static [,dump] [,portmap] [,norandomseq]
    > [,identity]]
    >
    > show xlate [detail] [global | local ip1 [-ip2] [netmask mask]] lport | gport
    > port [-port]]
    > [interface if1 [,if2] [,ifn]] [state static [,dump] [,portmap]
    > [,norandomseq] [,identity]] [debug] [count]
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > <> wrote in message
    > news:...
    > > Hi All,
    > >
    > >
    > > I recently deleted one of my nat statements because i needed to change
    > > the address the inside was being natted to. well i removed the old and
    > > added a new. i see it in the running config. but when i ping from the
    > > outside world, the old address still answers and the new one does not.
    > > what could i be missing? i had to do this while the internal server
    > > was still up and running, could it be holding on to that public ip
    > > until i reboot both the pix and the server?
    > >
    > > TIA,
    > >
    > > R
    > >
     
    , Jun 15, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Remco Bressers
    Replies:
    1
    Views:
    534
    Jyri Korhonen
    Nov 21, 2003
  2. GVB
    Replies:
    1
    Views:
    2,873
    Martin Bilgrav
    Feb 6, 2004
  3. Binner

    Cisco PIX 501 NAT config issue

    Binner, Oct 5, 2004, in forum: Cisco
    Replies:
    3
    Views:
    3,025
    Martin Bilgrav
    Oct 7, 2004
  4. proza
    Replies:
    7
    Views:
    736
    proza
    Jan 19, 2007
  5. karlman

    PIX 501 Config (ACL and NAT)

    karlman, Mar 1, 2008, in forum: Cisco
    Replies:
    0
    Views:
    449
    karlman
    Mar 1, 2008
Loading...

Share This Page