04-06-2017 11:45 PM - edited 03-12-2019 02:11 AM
hi,
i've upgrade an ASA to 9 code and it generated these lines.
do i need these?
is it safe to remove them?
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
Solved! Go to Solution.
04-08-2017 08:56 PM
Hi John,
From version 9.0, all TCP PAT traffic and all UDP DNS traffic use per-session PAT.
Now if since you upgraded to 9.x code from an earlier one, the per-session PAT feature is disabled during configuration migration. Since the earlier versions made use of multi-session PAT feature. So this command is enabled by default.
In case you want to enable the per-session PAT you can run the following command
'clear configure xlate'
You can go ahead and remove them without any issues.
04-08-2017 08:56 PM
Hi John,
From version 9.0, all TCP PAT traffic and all UDP DNS traffic use per-session PAT.
Now if since you upgraded to 9.x code from an earlier one, the per-session PAT feature is disabled during configuration migration. Since the earlier versions made use of multi-session PAT feature. So this command is enabled by default.
In case you want to enable the per-session PAT you can run the following command
'clear configure xlate'
You can go ahead and remove them without any issues.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide