03-04-2016 06:17 AM - edited 03-12-2019 12:26 AM
I was finally able to solve a huge issue after three days, after taking support from Cisco.
I had server 1 (10.33.206.11) placed on one of the interfaces of the ASA (FWSM-6509) and another server 2 (10.33.193.140) in the inside zone, directly connected through a switch. I was not able to reach server 1 in any way, even though all the rules were in place, but I was able to reach that server through the outside interface of the firewall (it is not an internet-facing firewall).
So Cisco ran two commands:
1. clear xlate
2. clear conn
and now the problem is solved. I want to know the reason why it was happening.
03-04-2016 06:26 AM
Hi,
It may be the reason that stale
So in order to clear a stale NAT entry we use clear
Hope it clears your doubt.
Regards,
Aditya
Please rate helpful posts.
03-04-2016 07:45 AM
Peter and Aditya, there is no NATing done on this firewall; as I said, this is not an internet-facing firewall. It is completely in the intranet zone. Server 1 was accessible from the server placed on, and coming from, the outside interface, but not from inside.
03-04-2016 08:20 AM
Even if there is no NAT, nothing happens without a connection in the embryonic table. I often run clear xlate and clear conn one after the other, because I know it will blat everything.
Why did the engineer run clear xlate? Because he does it 40 times a day and it's automatic.
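As an added illustration, not part of this thread or of anything Cisco support ran here: the checks and targeted clears a practitioner would normally run before flushing the whole connection and translation tables, since a blanket clear conn / clear xlate drops every session through the firewall, not just the broken one. It assumes ASA-style CLI syntax, a hostname of fw, an interface named inside, and TCP port 443 as the service being tested; on an FWSM the address keywords and packet-tracer may not be available.

```text
! 1. Is there an existing flow involving either server? A stale entry from before
!    the rule or routing change keeps being matched ahead of the new rules.
fw# show conn address 10.33.206.11
fw# show conn address 10.33.193.140

! 2. Any translation slot involving server 1 (identity xlates can exist on older
!    code even when no NAT is configured).
fw# show xlate | include 10.33.206.11

! 3. Clear only the entries for server 1 instead of the whole table, so other
!    users' sessions through the firewall survive.
fw# clear conn address 10.33.206.11
fw# clear xlate local 10.33.206.11

! 4. (ASA only) Confirm that a fresh flow from server 2 to server 1 now passes
!    the rule base; adjust protocol and ports to the real service.
fw# packet-tracer input inside tcp 10.33.193.140 40000 10.33.206.11 443
```

The address keyword on clear conn matches the given IP as either source or destination, so step 3 removes both directions of any stale flow for server 1. Run step 1 first: if no entry exists for the server, the problem is not a stale entry, and clearing the tables will not fix it.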
03-04-2016 09:13 AM
Cool Peter, Thank you so much for the explanation. Will look into this.
03-04-2016 06:31 AM
You had an incorrect translation or connection that needed to be flushed from the firewall's cache.