xlate basically means "translation" as in NAT translation.
ASA keeps an xlate table which you can view and this is a record of all NAT translations done by the firewall. Dynamic and static NAT translations are entered into the xlate table but dynamic entries will eventually time out if not used and be removed.
show conn is the command to show the established connections on the ASA unit. It gives you the log entries for each single connection with a full breakdown of the connection.
Thanks for the quick response and clear explanation of the two as a start ....
Maybe I will ask my actual question as a follow-up .... What could be the possible reason that at times the xlates keep automatically increasing to a point where I also notice the conn count hit the limit (500k in my case), and suddenly I start to see there is a drop on the traffic passing through the box .... I hope I asked the right question ???
The reason for the xlate number increase means you have a lot of traffic coming to the box, so it makes sense that your conn number increases. Interestingly, you also see a drop in the traffic.
There are a few tricks you can play to gather the information to start the investigation.
Check your ASA unit's ring utilization; it is a good start.
show interface detail | b Internal-Data
RX: 32702731 packets, 24546759207 bytes, 0 overrun
Blocks free curr/low: 1007/0
RX: 34360128 packets, 24097261375 bytes, 0 overrun
Blocks free curr/low: 1007/0
TX: 32702734 packets, 24546761081 bytes, 0 underruns
Blocks free curr/low: 1007/779
TX: 34360128 packets, 24097261375 bytes, 0 underruns
Blocks free curr/low: 1007/850
show asp drop
show local-host | incl host|count|embryonic
show shun statistics
Do you have a NetFlow collector to see where this much traffic is coming from and then disappearing? I think it would be great if you pick one random IP address, or you can set a capture on your interface and analyse the packet capture.
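The ring-utilization check above is easier to repeat across many interfaces if the `show interface detail` output is parsed rather than eyeballed. The following is an added example, not code from the thread or from Cisco; the sample text is constructed to match the RX/TX and "Blocks free curr/low" lines quoted in the post, and the interface names are assumptions. It flags any ring whose low-watermark reached 0 (the ring ran out of free blocks at some point since the counters were last cleared) or whose overrun/underrun counter is non-zero.

```python
import re

# Constructed sample modelled on the "show interface detail | b Internal-Data"
# output quoted in the thread. Interface names are assumptions.
SAMPLE_OUTPUT = """\
Interface Internal-Data0/0 "", is up, line protocol is up
        RX: 32702731 packets, 24546759207 bytes, 0 overrun
        Blocks free curr/low: 1007/0
        TX: 32702734 packets, 24546761081 bytes, 0 underruns
        Blocks free curr/low: 1007/779
Interface Internal-Data0/1 "", is up, line protocol is up
        RX: 34360128 packets, 24097261375 bytes, 0 overrun
        Blocks free curr/low: 1007/0
        TX: 34360128 packets, 24097261375 bytes, 0 underruns
        Blocks free curr/low: 1007/850
"""

IFACE_RE = re.compile(r"^Interface (\S+)")
RING_RE = re.compile(
    r"^\s*(RX|TX):\s+(\d+) packets, (\d+) bytes, (\d+) (?:overrun|underruns)"
)
BLOCKS_RE = re.compile(r"^\s*Blocks free curr/low:\s+(\d+)/(\d+)")


def parse_interface_detail(text):
    """Return {interface: {"RX"|"TX": {packets, bytes, drops, curr, low}}}."""
    stats = {}
    iface = None
    direction = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            stats[iface] = {}
            direction = None
            continue
        m = RING_RE.match(line)
        if m and iface is not None:
            direction = m.group(1)
            stats[iface][direction] = {
                "packets": int(m.group(2)),
                "bytes": int(m.group(3)),
                "drops": int(m.group(4)),  # overrun (RX) or underruns (TX)
            }
            continue
        m = BLOCKS_RE.match(line)
        if m and iface is not None and direction is not None:
            # The Blocks line that follows an RX/TX line belongs to that ring.
            stats[iface][direction]["curr"] = int(m.group(1))
            stats[iface][direction]["low"] = int(m.group(2))
    return stats


def flag_ring_pressure(stats):
    """List (interface, direction, reason) for rings that show exhaustion."""
    findings = []
    for iface, rings in stats.items():
        for direction, s in rings.items():
            if s.get("low") == 0:
                findings.append((iface, direction, "free-block low-watermark hit 0"))
            if s.get("drops", 0) > 0:
                findings.append((iface, direction, f"{s['drops']} overrun/underrun drops"))
    return findings


if __name__ == "__main__":
    for iface, direction, reason in flag_ring_pressure(parse_interface_detail(SAMPLE_OUTPUT)):
        print(f"{iface} {direction}: {reason}")
```

Feed it the real output captured from the box (for example, redirected from a terminal session) and run it after each busy period; a low-watermark that keeps returning to 0 on the RX side while the conn count climbs is the kind of evidence worth correlating with the `show asp drop` counters before digging into a packet capture.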
This is related to what I noticed.
I believe the posts I pasted above fixed my issue.
Ever since I changed my specific user TCP timeout to 5 min, my traffic keeps climbing; CPU and memory dropped, and so did the conn and xlate counts ... I believe this is kind of one stone hitting all the birds .... I am currently monitoring now ......
I also note that xlates have been removed, but when I do show conn I still see it is there.
Does this mean the TCP connection is still established but it got cleared from the xlate table .... If that's the case, is it normal to be like that or do I need to adjust something else....
Things are currently running as expected .... at least for the last two hours since I changed that TCP thing a while ago.
I just want to share the good news :) ....
The tremendous decrease in everything after I made the change I mentioned above ... the CPU and memory are not included in here, but the conn count dropped ... resulting in a faster and better experience for the users.
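The follow-up posts above hinge on two numbers: how far the conn count sits from the 500k limit, and which connections are still sitting in the conn table past the new 5-minute TCP idle timeout. The example below is added here and is not code from the thread or from Cisco; it parses `show conn` lines in their usual `PROTO out_if ip:port in_if ip:port, idle h:mm:ss, bytes N, flags X` shape, counts connections per inside host (the same view `show local-host | incl count` gives), lists entries idle beyond a chosen limit, and reports headroom against a conn limit. The sample lines, addresses and interface names are constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on typical "show conn" output; addresses,
# interface names and counters are assumptions, not data from the thread.
SAMPLE_SHOW_CONN = """\
TCP outside 203.0.113.10:443 inside 192.0.2.25:52144, idle 0:00:05, bytes 51234, flags UIO
TCP outside 203.0.113.10:443 inside 192.0.2.25:52150, idle 0:04:50, bytes 9876, flags UIO
TCP outside 203.0.113.20:443 inside 192.0.2.25:52201, idle 0:12:30, bytes 120, flags UIO
TCP outside 203.0.113.30:22 inside 192.0.2.40:40001, idle 0:00:30, bytes 4096, flags UIO
TCP outside 203.0.113.30:22 inside 192.0.2.40:40002, idle 0:06:02, bytes 64, flags UIO
UDP outside 203.0.113.53:53 inside 192.0.2.77:50123, idle 0:00:10, bytes 120, flags -
"""

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<out_if>\S+)\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)\s+"
    r"(?P<in_if>\S+)\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+),\s+idle\s+(?P<idle>\d+:\d\d:\d\d),"
    r"\s+bytes\s+(?P<bytes>\d+)(?:,\s+flags\s+(?P<flags>\S+))?"
)


def idle_seconds(hms):
    """Convert the 'h:mm:ss' idle field to seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_show_conn(text):
    """Return a list of dicts, one per parsed connection line; unknown lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # headers, summary lines, or formats this example does not model
        c = m.groupdict()
        c["idle_s"] = idle_seconds(c["idle"])
        c["bytes"] = int(c["bytes"])
        conns.append(c)
    return conns


def per_host_counts(conns):
    """Connections per inside host, highest first (like show local-host ... count)."""
    return Counter(c["in_ip"] for c in conns).most_common()


def stale_conns(conns, idle_limit_s):
    """Connections idle at least idle_limit_s seconds; with a 300 s TCP timeout these
    are the entries that should be ageing out but are still in the table."""
    return [c for c in conns if c["idle_s"] >= idle_limit_s]


def conn_headroom(conns, limit):
    """How many more connections fit before the platform limit is reached."""
    return limit - len(conns)


if __name__ == "__main__":
    conns = parse_show_conn(SAMPLE_SHOW_CONN)
    print("per-host:", per_host_counts(conns))
    print("stale (>= 5 min):", [(c["in_ip"], c["idle"]) for c in stale_conns(conns, 300)])
    print("headroom vs 500k:", conn_headroom(conns, 500_000))
```

Run against a full `show conn` dump and the per-host list quickly shows whether the climbing count comes from one or two noisy hosts or from everything at once, which is the question the NetFlow suggestion earlier in the thread was getting at. Note that a conn still present after its xlate has aged out is exactly what the poster observed; this script only makes such entries visible by their idle time, it does not explain them.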
We have another issue: two ASAs within the same /24 cannot form an IPsec tunnel ... is this a default, or may my config be incorrect? The same exact ASA can form a tunnel to another ASA on a different subnet with the same config, but not to each other.