Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
5
Replies

ASA FIrewall, Stops communication from one server to the other even rules in place

Manas Das
Level 1
Level 1

‎03-04-2016 06:17 AM - edited ‎03-12-2019 12:26 AM

I finally able solve a huge issue after three days after taking support of Cisco. 

I had a server 1 (10.33.206.11) placed in one of the interface on ASA (FWSM-6509) and another server 2 (10.33.193.140) in the inside zone directly connected through switch. I was not able to reach the server 1 in any way even all the rules are in place but i was able to reach that server through outside interface of firewall (It is not a internet facing firewall).

So cisco did run two commands

1. clear xlate

2. clear conn       and now the problem is solved.  wanna know the reason why was it happening?

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎03-04-2016 06:26 AM

Hi,

It may be the reason that stale xlate (NAT) entries on the firewall would be causing the traffic to not get passed.

So in order to clear a stale NAT entry we use clear xlate and to clear an existing/stale  connection on the Firewall we use clear connection.

Hope it clears your doubt.

Regards,

Aditya

Please rate helpful posts.

0 Helpful

Manas Das
Level 1
Level 1
In response to Aditya Ganjoo

‎03-04-2016 07:45 AM

Peter and Aditya, There is no NATing done on this Fiewall as I said this is not  internet facing firewall. its completely in intranet zone. The server 1 was accessible from the server placed and coming from outside interface but not from inside.

0 Helpful

Peter Long
Level 1
Level 1
In response to Manas Das

‎03-04-2016 08:20 AM

Even if there is no nat, nothing happens without a connection in the embryonic table, I often run clear xlate and clear conn one after the other, cause I know it will blat everything. 

Why did the engineer run clear xlate? cause he does it 40 times a day and its automatic.

0 Helpful

Manas Das
Level 1
Level 1
In response to Peter Long

‎03-04-2016 09:13 AM

Cool Peter, Thank you so much for the explanation. Will look into this.

0 Helpful

Peter Long
Level 1
Level 1

‎03-04-2016 06:31 AM

You had an incorrect translation or connection that needed to be flushed form the firewalls cache

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card