We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 588 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

312 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,


Forum Replies

  1. johxxn says:

    what do you mean by "the connection rate" ? the connection rate is about 2000 per second

  2. Never mind, I found it in your article.

  3. Hi
    I am running ASAv version 9.6.
    when I run the command “show run | in xlate per-session”, the output is showing all deny rules. But in your output it is showing all permit. Any idea why I am seeing all deny

    ASAv# show run | include xlate per-session
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
  4. Does this mean that by default Multi-Session PAT is enabled on my firewall?

  5. Hmm I think it depends on your platform and/or ASA version. Here’s a 5506 running ASA 9.5 with a fresh config:

    ASA# show running-config all | include xlate
    xlate per-session permit tcp any4 any4
    xlate per-session permit tcp any4 any6
    xlate per-session permit tcp any6 any4
    xlate per-session permit tcp any6 any6
    xlate per-session permit udp any4 any4 eq domain
    xlate per-session permit udp any4 any6 eq domain
    xlate per-session permit udp any6 any4 eq domain
    xlate per-session permit udp any6 any6 eq domain
    

    Per-session is enabled by default. With your deny statements, multi-session PAT is enabled yes.

2 more replies! Ask a question or join the discussion by visiting our Community Forum