topic Re: Removing a static nat on Pix 515E in Network Security

Removing a static nat on Pix 515E

tbarberio — Mon, 11 Mar 2019 10:07:17 GMT

I have a static nat table with this rule

( i have put in X to cover my publci ip for security reasons for this post)

static (inside,outside) 65.91.XXX.XX 192.168.211.1 netmask 255.255.255.255 0 0

How do I remove just that one line without clearing the entire table?

Re: Removing a static nat on Pix 515E

Patrick Iseli — Mon, 30 Apr 2007 22:39:40 GMT

You just need to put the statement in front of the line !

no static (inside,outside) 65.91.XXX.XX 192.168.211.1 netmask 255.255.255.255 0 0

Usulaly after changing the NAT to clear the translation table:

clear xlate

But take care this will reset all connections.

sincerely

Patrick

Re: Removing a static nat on Pix 515E

Fernando_Meza — Tue, 01 May 2007 02:19:07 GMT

Hi .. add the no in front of the sentence no static (inside,outside) 65.91.XXX.XX 192.168.211.1 netmask 255.255.255.255 0 0 and then type in clear xlate global 65.91.XXX.XX netmask 255.255.255.255. In that way you will not affect the other connections.

I hope it helps .. please rate it if it does

Re: Removing a static nat on Pix 515E

hussainkhalid — Thu, 05 Jul 2007 05:05:03 GMT

I need to do the same, but it gives me some error

ERROR: % Invalid input detected at '^' marker.

i have seen something in

sh xlate

and it shows me the same

Global XXX.XXX.XXX.XXX Local XXX.XXX.XXX.XXX

Do i need to remove the this also because it is the same NAT which i want to remove.

how do i remove this as well?

clear xlate? what is xlate? are these active connections? what if i say clear xlate? will it remove the xlate entries permanently? please help!

Re: Removing a static nat on Pix 515E

Jon Marshall — Thu, 05 Jul 2007 05:58:14 GMT

To clear an an an xlate entry use the command Fernando sent. This will remove the specific xlate entry.

Xlate is the translation table that the pix uses for NAT translations. If you say "clear xlate" you remove all the current translations which means that all existing connections through the firewall will be dropped, probably not something you want to do in a production environment 🙂

The xlate entries are dynamically added so if you remove it the next time the connection is made the entry will reappear. If you want to ensure that an xlate entry never returns you need to remove the corresponding nat entry from your configuration.

HTH

Jon

Re: Removing a static nat on Pix 515E

hussainkhalid — Thu, 05 Jul 2007 06:31:41 GMT

no static (Inside,Outside) 62.215.215.215 62.215.215.215 netmask 255.255.255.255

^ clear global 62.215.215.215 Local 62.215.215.215

ERROR: % Invalid input detected at '^' marker.

I GET THIS ERROR MESSAGE! PLEASE HELP ON THIS!

Re: Removing a static nat on Pix 515E

Jon Marshall — Thu, 05 Jul 2007 06:35:06 GMT

Instead of typing this

clear global 62.215.215.215 Local 62.215.215.215

try

clear xlate global 62.215.215.215

BUT before you do this type

"sh xlate"

If the entry for 62.215.215.215 is not in the xlate table you don't need to clear it.

HTH

Jon

Re: Removing a static nat on Pix 515E

hussainkhalid — Thu, 05 Jul 2007 09:24:54 GMT

didnt work, doesnt give any error but when i say

sh xlate

the entry is still there!

do i need to remove NAT before that?

Re: Removing a static nat on Pix 515E

Jon Marshall — Thu, 05 Jul 2007 09:33:02 GMT

Can you post the running config of your firewall + the output of a "sh xlate"

Jon

Re: Removing a static nat on Pix 515E

hussainkhalid — Thu, 05 Jul 2007 10:09:02 GMT

sorry, cannot!

Re: Removing a static nat on Pix 515E

hussainkhalid — Mon, 09 Jul 2007 11:13:28 GMT

i tried to delete the static nat and xlate...doesnt work! xlate doesnt give any error but still shows in the list...and static nat gives error on that command...

ERROR: % Invalid input detected at '^' marker.