Should I remove 'xlate per-session' ASA commands

johnlloyd_13
Level 9

Hi,

I've upgraded an ASA to 9 code and it generated these lines.

Do I need these?

Is it safe to remove them?

xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain

Accepted Solutions

tavkaur
Level 1

Hi John,

From version 9.0, all TCP PAT traffic and all UDP DNS traffic use per-session PAT.

Since you upgraded to 9.x code from an earlier one, the per-session PAT feature is disabled during configuration migration, because the earlier versions made use of the multi-session PAT feature. So this command is enabled by default.

In case you want to enable per-session PAT, you can run the following command:

'clear configure xlate'

You can go ahead and remove them without any issues.
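An added example, not part of the original thread and not Cisco code: a small Python audit helper that parses the `xlate per-session` lines from the question and reports which PAT mode a flow gets before and after they are cleared. The names `parse`, `default_rules` and `pat_mode` are hypothetical; it assumes first-match evaluation with configured rules above the defaults, that unmatched traffic uses multi-session PAT, and it only handles the `any4`/`any6` and `eq domain`/`eq <number>` forms seen on this page.

```python
import re

# The migration-generated lines quoted in the question above.
MIGRATED = """\
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
"""

RULE = re.compile(r"^xlate per-session (permit|deny) (tcp|udp) "
                  r"(any4|any6) (any4|any6)(?: eq (domain|\d+))?$")

def parse(config):
    """Return (action, proto, src, dst, port) for each xlate per-session line."""
    rules = []
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("xlate per-session"):
            continue
        m = RULE.match(line)
        if not m:  # refuse rule forms this simplified parser does not model
            raise ValueError(f"unsupported rule form: {line}")
        action, proto, src, dst, port = m.groups()
        port = None if port is None else (53 if port == "domain" else int(port))
        rules.append((action, proto, src, dst, port))
    return rules

def default_rules():
    """Defaults as the answer states them: per-session for all TCP and UDP DNS."""
    fams = ("any4", "any6")
    tcp = [("permit", "tcp", s, d, None) for s in fams for d in fams]
    dns = [("permit", "udp", s, d, 53) for s in fams for d in fams]
    return tcp + dns

def pat_mode(rules, proto, src_family, dst_family, dst_port):
    """Assumed semantics: first match wins; no match means multi-session PAT."""
    for action, r_proto, src, dst, port in rules + default_rules():
        if (r_proto, src, dst) == (proto, src_family, dst_family) \
                and port in (None, dst_port):
            return "per-session" if action == "permit" else "multi-session"
    return "multi-session"
```

Calling `pat_mode(parse(MIGRATED), "tcp", "any4", "any4", 443)` shows the migrated state, and passing an empty rule list shows the state after the deny lines are removed.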
