topic Should I remove 'xlate per-session' ASA commands in Network Security https://community.cisco.com/t5/network-security/should-i-remove-xlate-per-session-asa-commands/m-p/3083404#M145124 <P>hi,</P> <P>i've upgrade an ASA to 9 code and it generated these lines.</P> <P>do i need these?</P> <P>is it safe to remove them?</P> <P></P> <P><EM>xlate per-session deny tcp any4 any4</EM><BR /><EM>xlate per-session deny tcp any4 any6</EM><BR /><EM>xlate per-session deny tcp any6 any4</EM><BR /><EM>xlate per-session deny tcp any6 any6</EM><BR /><EM>xlate per-session deny udp any4 any4 eq domain</EM><BR /><EM>xlate per-session deny udp any4 any6 eq domain</EM><BR /><EM>xlate per-session deny udp any6 any4 eq domain</EM><BR /><EM>xlate per-session deny udp any6 any6 eq domain</EM></P> Tue, 12 Mar 2019 09:11:40 GMT johnlloyd_13 2019-03-12T09:11:40Z Should I remove 'xlate per-session' ASA commands https://community.cisco.com/t5/network-security/should-i-remove-xlate-per-session-asa-commands/m-p/3083404#M145124 <P>hi,</P> <P>i've upgrade an ASA to 9 code and it generated these lines.</P> <P>do i need these?</P> <P>is it safe to remove them?</P> <P></P> <P><EM>xlate per-session deny tcp any4 any4</EM><BR /><EM>xlate per-session deny tcp any4 any6</EM><BR /><EM>xlate per-session deny tcp any6 any4</EM><BR /><EM>xlate per-session deny tcp any6 any6</EM><BR /><EM>xlate per-session deny udp any4 any4 eq domain</EM><BR /><EM>xlate per-session deny udp any4 any6 eq domain</EM><BR /><EM>xlate per-session deny udp any6 any4 eq domain</EM><BR /><EM>xlate per-session deny udp any6 any6 eq domain</EM></P> Tue, 12 Mar 2019 09:11:40 GMT https://community.cisco.com/t5/network-security/should-i-remove-xlate-per-session-asa-commands/m-p/3083404#M145124 johnlloyd_13 2019-03-12T09:11:40Z Hi John, https://community.cisco.com/t5/network-security/should-i-remove-xlate-per-session-asa-commands/m-p/3083405#M145125 <P>Hi John,</P> <P></P> <P><SPAN style="font-family: 'Times New Roman',serif;">From version 9.0, all TCP PAT traffic and all UDP DNS traffic use per-session PAT. </SPAN></P> <P><SPAN style="font-family: 'Times New Roman',serif;">Now if since you upgraded to 9.x code from an earlier one, the per-session PAT feature is disabled during configuration migration. Since the earlier versions made use of multi-session PAT feature. So this command is enabled by default.</SPAN></P> <P><SPAN style="font-family: 'Times New Roman',serif;"></SPAN></P> <P><SPAN style="font-family: 'Times New Roman',serif;">In case you want to enable the per-session PAT you can run the following command&nbsp;</SPAN></P> <P><SPAN style="font-family: 'Times New Roman',serif;">'clear configure xlate'</SPAN></P> <P><SPAN style="font-family: 'Times New Roman',serif;"></SPAN></P> <P><FONT face="Times New Roman, serif">You can go ahead and remove them without any issues.</FONT></P> <P><SPAN style="font-family: 'Times New Roman',serif;"></SPAN></P> <P><SPAN style="font-family: 'Times New Roman',serif;"></SPAN></P> <P><SPAN style="font-family: 'Times New Roman',serif;"></SPAN></P> Sun, 09 Apr 2017 03:56:17 GMT https://community.cisco.com/t5/network-security/should-i-remove-xlate-per-session-asa-commands/m-p/3083405#M145125 tavkaur 2017-04-09T03:56:17Z