Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7729
Views
0
Helpful
1
Replies

Logging NAT translation on a Cisco ASA

Go to solution
fabio1234
Level 1
Level 1

‎04-26-2007 05:51 AM - edited ‎03-03-2019 04:43 PM

Hi,

I own a Cisco ASA 5520. It's configured to send all log to a syslog server. Now I want to log also NAT translations (i.e. the internal private IP address and the external public IP of every new connection).

Is it possible to do? Any hints?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-26-2007 06:40 AM

Hi

From my syslog server

Apr 26 08:35:03 10.228.48.6 Apr 26 2007 08:51:36: %PIX-6-305009: Built static translation from outside:10.15.1.1 to inside:10.228.56.2

From the cisco pix message docs

=============================================

Error Message %PIX-6-305009: Built {dynamic|static} translation from

interface:real-address to interface:mapped-address

Explanation An address translation slot was created. The slot is used to translate the source address from the local side to the global side. In reverse, the slot is used to translate the destination address from the global side to the local side.

Recommended Action None required.

=============================================

These messages are logged as informational so you will need to set your trap level to info on your pix. This will generate a lot of info so take into account bandwidth used on network and big logs.

I use syslog-ng which doesn't solve the bandwidth problem but does allow you to intelligently discard messages you aren't interested in.

HTH

Jon

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-26-2007 06:40 AM

Hi

From my syslog server

Apr 26 08:35:03 10.228.48.6 Apr 26 2007 08:51:36: %PIX-6-305009: Built static translation from outside:10.15.1.1 to inside:10.228.56.2

From the cisco pix message docs

=============================================

Error Message %PIX-6-305009: Built {dynamic|static} translation from

interface:real-address to interface:mapped-address

Explanation An address translation slot was created. The slot is used to translate the source address from the local side to the global side. In reverse, the slot is used to translate the destination address from the global side to the local side.

Recommended Action None required.

=============================================

These messages are logged as informational so you will need to set your trap level to info on your pix. This will generate a lot of info so take into account bandwidth used on network and big logs.

I use syslog-ng which doesn't solve the bandwidth problem but does allow you to intelligently discard messages you aren't interested in.

HTH

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card