01-21-2020 01:10 PM - edited 02-21-2020 09:51 AM
01-21-2020 01:16 PM
xlate basically means "translation", as in NAT translation.
The ASA keeps an xlate table, which you can view; it is a record of all NAT translations done by the firewall. Dynamic and static NAT translations are entered into the xlate table, but dynamic entries will eventually time out if not used and be removed.
Conn.
show conn is the command to show the established connections on the ASA unit. It gives you the log entries for each single connection with a full breakdown of the connection.
01-21-2020 01:20 PM
Hi Sheraz
Thanks for the quick response and clear explanation of the two as a start ....
Maybe I will ask my actual question as a follow-up .... What could be the possible reason that at times the xlates keep automatically increasing to a point where I also notice the conns hit the limit (500k in my case), and suddenly I start seeing a drop in the traffic passing through the box .... I hope I asked the right question ???
01-21-2020 01:38 PM - edited 01-21-2020 01:40 PM
The reason for the xlate number increase is that you have a lot of traffic coming to the box, so it makes sense that your conn number increases. Interestingly, you also see a drop in the traffic.
There are a few tricks you can play to gather the information to start the investigation.
Checking your ASA unit's ring utilization is a good start.
show interface detail | b Internal-Data
RX[00]: 32702731 packets, 24546759207 bytes, 0 overrun
Blocks free curr/low: 1007/0
RX[01]: 34360128 packets, 24097261375 bytes, 0 overrun
Blocks free curr/low: 1007/0
TX[00]: 32702734 packets, 24546761081 bytes, 0 underruns
Blocks free curr/low: 1007/779
TX[01]: 34360128 packets, 24097261375 bytes, 0 underruns
Blocks free curr/low: 1007/850
!
show asp drop
!
show local-host | incl host|count|embryonic
!
show shun statistics
!
Do you have a NetFlow collector to see where this much traffic is coming from and then disappearing? I think it would be great if you pick one random IP address, or you can set up a capture on your interface and analyse the packet capture.
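The checks suggested in this reply (ring utilization from `show interface detail`, and picking out which hosts own the connections that fill the conn table) can be done offline on captured CLI output. The following is an added example, not code from the thread or from Cisco: it parses the `show interface detail | b Internal-Data` counters and a constructed `show conn` sample, reports queues whose free-block low-water mark hit zero or that recorded overruns, and lists the inside hosts holding the most connections, entries idle longer than a given timeout, and TCP entries that never completed the handshake (no `U` flag). The `show conn` line layout, the sample connection lines, and the interface name `inside` are assumptions for the example.

```python
"""Offline triage helpers for Cisco ASA CLI output (added example).

Assumed `show conn` line layout (one entry per line):
  TCP outside 203.0.113.5:443 inside 10.1.1.20:51234, idle 0:00:05, bytes 84210, flags UIO
"""
import re
from collections import Counter

# --- ring / block utilization from `show interface detail | b Internal-Data` ---
QUEUE_RE = re.compile(
    r"^(?P<queue>(?:RX|TX)\[\d+\]):\s+(?P<packets>\d+) packets,\s+(?P<bytes>\d+) bytes,"
    r"\s+(?P<drops>\d+) (?:overrun|underruns)"
)
BLOCKS_RE = re.compile(r"^Blocks free curr/low:\s+(?P<curr>\d+)/(?P<low>\d+)")

# Constructed sample, modelled on the counters posted in this thread.
SAMPLE_RING = """\
RX[00]: 32702731 packets, 24546759207 bytes, 0 overrun
Blocks free curr/low: 1007/0
RX[01]: 34360128 packets, 24097261375 bytes, 0 overrun
Blocks free curr/low: 1007/0
TX[00]: 32702734 packets, 24546761081 bytes, 0 underruns
Blocks free curr/low: 1007/779
TX[01]: 34360128 packets, 24097261375 bytes, 0 underruns
Blocks free curr/low: 1007/850
"""


def parse_ring_stats(text):
    """Return {queue: {"drops": n, "curr": n, "low": n}} from the ring counters."""
    stats, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = QUEUE_RE.match(line)
        if m:
            current = m.group("queue")
            stats[current] = {"drops": int(m.group("drops"))}
            continue
        m = BLOCKS_RE.match(line)
        if m and current:  # the Blocks line belongs to the queue just seen
            stats[current].update(curr=int(m.group("curr")), low=int(m.group("low")))
    return stats


def ring_pressure(text):
    """Queues that exhausted their free blocks (low == 0) or counted over/underruns."""
    return [q for q, s in parse_ring_stats(text).items()
            if s.get("low", 1) == 0 or s["drops"] > 0]


# --- connection table from `show conn` ---
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),\s+"
    r"idle\s+(?P<idle>\d+:\d{2}:\d{2}),\s+bytes\s+(?P<bytes>\d+)"
    r"(?:,\s+flags\s+(?P<flags>\S+))?"
)

# Constructed sample: one inside host holding most entries, one stale, one half-open.
SAMPLE_SHOW_CONN = """\
5 in use, 5 most used
TCP outside 203.0.113.5:443 inside 10.1.1.20:51234, idle 0:00:05, bytes 84210, flags UIO
TCP outside 203.0.113.9:80 inside 10.1.1.20:51240, idle 0:12:31, bytes 512, flags UIO
TCP outside 198.51.100.7:443 inside 10.1.1.20:51301, idle 0:45:02, bytes 0, flags saA
UDP outside 198.51.100.53:53 inside 10.1.1.31:40001, idle 0:00:01, bytes 128, flags -
TCP outside 203.0.113.77:22 inside 10.1.1.40:60110, idle 0:00:09, bytes 9001, flags UIO
"""


def parse_idle(hms):
    """'h:mm:ss' -> seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_show_conn(text):
    """Return one dict per parsable connection line; header/footer lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["idle_s"] = parse_idle(d["idle"])
            d["flags"] = d["flags"] or ""
            conns.append(d)
    return conns


def top_hosts(conns, ifname="inside", n=5):
    """Hosts on `ifname` sorted by number of entries, regardless of print order."""
    c = Counter(d["ip_a"] if d["if_a"] == ifname else d["ip_b"]
                for d in conns if ifname in (d["if_a"], d["if_b"]))
    return c.most_common(n)


def stale_conns(conns, idle_limit_s):
    """Entries idle longer than the limit (e.g. 300 s for a 5-minute conn timeout)."""
    return [d for d in conns if d["idle_s"] > idle_limit_s]


def embryonic_conns(conns):
    """TCP entries without the U (up) flag have not completed the three-way handshake."""
    return [d for d in conns if d["proto"] == "TCP" and "U" not in d["flags"]]


if __name__ == "__main__":
    print("ring pressure on:", ring_pressure(SAMPLE_RING))
    conns = parse_show_conn(SAMPLE_SHOW_CONN)
    print("top inside hosts:", top_hosts(conns))
    print("stale (>300 s):", [(d["ip_b"], d["idle"]) for d in stale_conns(conns, 300)])
    print("embryonic:", [(d["ip_a"], d["flags"]) for d in embryonic_conns(conns)])
```

Run it against a pasted `show conn` dump to get the same per-host and idle-time view the thread recommends obtaining by picking an address and capturing; on the counters posted above, both RX queues report a low-water mark of zero free blocks, which is the ring-exhaustion sign this reply suggests checking first.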
01-21-2020 04:22 PM
Where can I rate .... I cannot find it.
01-21-2020 01:52 PM
Hi
I found this doc: https://forum.networklessons.com/t/asa-xlate-increase-all-time/567/17
This relates to what I noticed.
01-21-2020 02:17 PM
Yes, this could be a good start to look into, as you seem to see a similar issue.
01-21-2020 04:20 PM
Hi Sheraz
I believe the post I pasted above fixed my issue.
Ever since I changed my specific user TCP timeout to 5 min, my traffic keeps climbing, CPU and memory dropped, and so did the conn and xlate ... I believe this is kind of one stone hitting all the birds .... I am currently monitoring now ......
01-21-2020 05:29 PM
Hi Sheraz
I also noticed that the xlate has been removed, but when I do show conn I still see it there.
Does this mean the TCP connection is still established but got cleared from the xlate table .... If that's the case, is it normal to be like that, or do I need to adjust something else....
FYI
Things are currently running as expected .... at least for the last two hours since I changed that TCP thing a while ago.
01-21-2020 05:32 PM
Sorry, my bad ... I did notice a similar IP address comes up when I do the sh conn ... sorry for that.
01-23-2020 10:26 AM
01-23-2020 10:46 AM
That's good news. Good work :)
01-23-2020 02:56 PM
Hi Sheraz
We have another issue: two ASAs within the same /24 cannot form an IPsec tunnel ... is this a default, or may my config be incorrect? The same exact ASAs can form tunnels to other ASAs on different subnets with the same config, but not to each other.
01-23-2020 11:09 PM
Can you post the configuration of these two problematic ASAs?