01-14-2014 09:26 PM - edited 03-11-2019 08:30 PM
Dear All,
I have Cisco ASA 5520 running in my setup and want to execute "clear xlate" command at every 1 hr interval. Can anybody help me to automate the same like cronjob in linux.
Thanks in advance for your kind support.
01-14-2014 09:43 PM
You could use the call-home feature to let the asa execute your commands, clear xlate would be possible.
If you want to do send the commands via cronjob, use expect-scripts. There are many examples on the net how to use them.
But why do you want to clear the translations hourly?
01-14-2014 10:07 PM
Thanks Frederic for your reply.
I have gone through Call Home setup commands but not able to get exact steps to follow "clear xlate" command as most of the examples of Call Home is to send traps or alert of some specific output.
Can you please provide steps to configure my requirement...
I want to clear translations hourly becuase one of my customer face issue to access servers (placed b/h ASA - Mapped 72.17.2.26 IP -- Public IP) from outside and getting 1289 error on port 80. I have checked NAT configuration and also re-configuring NAT configuration for that IP with same result.
At the same time that client has other 9 servers for which we have done same NATing. But he is not facing any issue in that.
My problem is I can not change private IP as well as public IP in NAT.
Please guide me if you have any other option to resolve this permenently.
01-14-2014 11:05 PM
To clear the xlate via call-home, use the snapshot feature:
eg:
call-home
alert-group-config snapshot-clear-xlate
add-command "clear xlate + conditions"
profile snapshot-profile
destination transport-method email
destination address email "your-email"
subscribe-to-alert-group snapshot periodic hourly 01
This would send the command you define in the snapshot and send you the output via email.
You can configure this quite easy with asdm, just add a subscription-profile and add snapshot with your timeranges.
Under Advanced System Setup just add the commands wich should be sent.
I dont really understand the problem with your translation.
Can you post the nat-statements and syslog-messages when the problem with the connections appear?
01-15-2014 12:03 AM
Hi Praful Soni,
first of all: you are giving too much information about your configuration to public, i would recommend to edit your post and delete at least all crypto settings and user information. Further, it would´nt be wrong to update the asa to a newer version.
Is it correct, that you want to clear one of your static mappings?
The "clear xlate" command will not affect static nat entrys - only dynamic entrys.
01-15-2014 12:07 AM
thanks for your suggestion.
01-15-2014 12:20 AM
Yes. frederic.
But i observed that after running "clear xlate" command problem is getting resolved.
Please let me know information you require to troubleshoot further as I am expecting this issue to come in 2-3 hours.
Now everything running fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide