What is the impact of disabling xlate in FWSM

Post by Guest » Tue Dec 07, 2010 4:03 pm

Hi All,

We have a simple setup with 3 to 4 zones in FWSM, with simple IP traffic flowing across the zones, and no natting is configured in the FWSM. I would like to know what the impact would be if we disable xlate in global configuration in FWSM, and what the command is to do the same. Is there any default count stored for the xlate table in FWSM, and what happens when we do clear xlate in FWSM?

Regards,
Ganesh.H

Re:What is the impact of disabling xlate in FWSM

Post by Guest » Tue Dec 07, 2010 5:10 pm

ganeshh.iyer wrote:
Hi All, We have a simple setup with 3 to 4 zones in FWSM, with simple IP traffic flowing across the zones, and no natting is configured in the FWSM. I would like to know what the impact would be if we disable xlate in global configuration in FWSM, and what the command is to do the same. Is there any default count stored for the xlate table in FWSM, and what happens when we do clear xlate in FWSM? Regards, Ganesh.H

Ganesh,

The xlate table is used for NAT translations. If you are not doing any natting then there won't be any entries in the xlate table. I'm not aware of a way to disable xlate on the FWSM, but I'm not sure why you would want or need to do that anyway.

Not sure what you mean by default count; do you mean the maximum number of allowed xlate entries?

If you clear xlate on the FWSM or ASA then any existing connections that have entries in the xlate table will be torn down, so it's not usually a thing you want to do during production hours. Note that the clear xlate command has an option to specify which actual xlate entry you want to remove.

Jon

Re:What is the impact of disabling xlate in FWSM

Post by Guest » Tue Dec 07, 2010 5:54 pm

If you don't need translation, you can configure the "xlate-bypass" feature: http://www.cisco.com/en/US/docs/securit ... #wp1306953

The maximum concurrent xlate in FWSM hardware is 262144.

Hope that helps.

Re:What is the impact of disabling xlate in FWSM

Post by Guest » Tue Dec 07, 2010 7:02 pm

halijenn wrote:
If you don't need translation, you can configure the "xlate-bypass" feature: http://www.cisco.com/en/US/docs/securit ... #wp1306953 The maximum concurrent xlate in FWSM hardware is 262144. Hope that helps.

I stand corrected. Many thanks for that link.

Ganesh - apologies for the misleading information, I have learnt something new today.

Jon

Re:What is the impact of disabling xlate in FWSM

Post by Guest » Tue Dec 07, 2010 7:13 pm

Jon - we all learn every day.
