Xlate and connection on seperate interface

ntidcombe1 · ‎01-22-2007

outside = 10.10.10.1 /24

inside = 172.16.0.1 /24

Dmz = 192.168.0.1 /24

nat (inside) 0 0.0.0.0 0.0.0.0

If i have a connection established from an inside host (172.16.0.100) to an outside server (10.10.10.50) will i need to issue the clear xlate command if i then add a DMZ no nat rule and i want to connect to the same outside server from the dmz

nat (dmz) 0 0.0.0.0 0.0.0.0

The reason i ask is that I am unable to issue the "clear xlate" command due to change management controls.

jim · ‎01-22-2007

You should be able to just clear xlate for that host entry instead of a global clear xlate command. This would avoid an interupt in service for the rest of your network hosts.

sachinraja · ‎01-23-2007

Hello neil,

Do the DMz hosts, already existing on the network with some statics or nat before??? If this is a new configuration or interface, i believe, u dont need to do a clear xlate, as there are will be no translations for the clients on the DMZ.. nat 0 from inside will be on the nat table, but will not clash on the nat table created by the DMZ hosts....

If nat entry already exists, you have to do a clear xlate and as told by fellow netpro engineer, u can do it with a particular host.. no other go !!

Hope this helps.. all the best..

Raj

lganeva · ‎01-28-2007

there is no need to do clear xlate. In the first case you connect from an inside host, in the second from the DMZ. There are separate xlate slots.