Configuring Xlate Bypass; Using Dynamic NAT and PAT - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 16
Configuring NAT

Configuring Xlate Bypass

By default, the FWSM creates NAT sessions for all connections even if you do not use NAT. To avoid
running into the maximum NAT session limit, you can disable NAT sessions for untranslated traffic
(called xlate bypass). See the "NAT Session (Xlate) Creation" section on page 16-13 for more
information.
To enable xlate bypass, enter the following command:
hostname(config)# xlate-bypass
To disable xlate bypass, enter the no form of the command.
The following sample output from the show xlate detail command shows xlate bypass disabled. The
output shows that all 16 connections require identity NAT xlates even though NAT is not
explicitly configured for any of the connections.
hostname# show xlate detail
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       o - outside, r - portmap, s - static
16 in use, 16 most used
NAT from inside:10.1.1.11 to outside:10.1.1.11 flags Ii
NAT from inside:10.1.1.12 to outside:10.1.1.12 flags Ii
NAT from inside:10.1.1.13 to outside:10.1.1.13 flags Ii
NAT from inside:10.1.1.14 to outside:10.1.1.14 flags Ii
NAT from inside:10.1.1.15 to outside:10.1.1.15 flags Ii
...
NAT from inside:10.1.1.25 to outside:10.1.1.25 flags Ii
NAT from inside:10.1.1.26 to outside:10.1.1.26 flags Ii
The following sample output from the show xlate detail command shows xlate bypass enabled. The
output shows that of the 16 connections active, none require xlates.
hostname# show xlate detail
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       o - outside, r - portmap, s - static
0 in use, 16 most used
The following sample output from the show xlate detail command shows xlate bypass enabled, but
includes a static identity NAT configuration, which does require an xlate.
hostname(config)# static (inside,outside) 10.1.1.20 10.1.1.20 netmask 255.255.255.255
hostname(config)# show xlate detail
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       o - outside, r - portmap, s - static
1 in use, 16 most used
NAT from inside:10.1.1.20 to outside:10.1.1.20 flags Isi
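
As an added example (not part of the Cisco guide), the following Python script parses show xlate detail text in the format shown above and estimates which listed xlates would remain once xlate bypass is enabled. It assumes, based only on the sample outputs in this section, that an identity entry without the s flag is untranslated traffic; the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the outputs above (not a real capture).
SAMPLE = """\
hostname# show xlate detail
Flags: D - DNS, d - dump, I - identity, i - inside, n - no random,
       o - outside, r - portmap, s - static
4 in use, 16 most used
NAT from inside:10.1.1.11 to outside:10.1.1.11 flags Ii
NAT from inside:10.1.1.12 to outside:10.1.1.12 flags Ii
...
NAT from inside:10.1.1.20 to outside:10.1.1.20 flags Isi
"""

COUNT_RE = re.compile(r"^(\d+) in use, (\d+) most used$")
XLATE_RE = re.compile(
    r"^NAT from ([^:\s]+):(\S+) to ([^:\s]+):(\S+) flags ([A-Za-z]+)$")

def parse_xlate_detail(text):
    """Return (in_use, most_used, entries) parsed from show xlate detail text."""
    in_use = most_used = None
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT_RE.match(line):
            in_use, most_used = int(m.group(1)), int(m.group(2))
        elif m := XLATE_RE.match(line):
            src_if, src, dst_if, dst, flags = m.groups()
            entries.append({"src_if": src_if, "src": src, "dst_if": dst_if,
                            "dst": dst, "flags": set(flags)})
    return in_use, most_used, entries

def untranslated(entry):
    # Assumption: identity (I), same address on both sides, and no static (s)
    # flag means untranslated traffic; static identity NAT keeps its xlate.
    return ("I" in entry["flags"] and "s" not in entry["flags"]
            and entry["src"] == entry["dst"])

def bypass_report(text):
    """Estimate which listed xlates would remain with xlate-bypass enabled."""
    in_use, most_used, entries = parse_xlate_detail(text)
    if in_use is None:
        raise ValueError("no 'N in use, M most used' line found")
    return {"in_use": in_use, "most_used": most_used,
            "would_drop": [e["src"] for e in entries if untranslated(e)],
            "would_keep": [e["src"] for e in entries if not untranslated(e)],
            # Elided ("...") or paged output lists fewer entries than in use.
            "truncated": len(entries) < in_use}

if __name__ == "__main__":
    print(bypass_report(SAMPLE))
```

When truncated is true, the listed entries are only part of the table, so the in-use counter is the figure to compare against the NAT session limit.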

Using Dynamic NAT and PAT

This section describes how to configure dynamic NAT and PAT, and it includes the following topics:
Dynamic NAT and PAT Implementation, page 16-20
Configuring Dynamic NAT or PAT, page 16-26

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01

This manual is also suitable for:

7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series