verify nat on asa

cfajardo1_2 · ‎11-24-2007

device: asa 5520

how can i verify whether my nat is realy taking place aside from the sh xlate;

static (dmz2,outside) IPoutside IPdmz2

JORGE RODRIGUEZ · ‎11-24-2007

you can do

show local-host IPdmz2

or

show xlate | inc IPoutside

beside these commands if your nat config is correct connection is another way to determined it is woring.

Rate any helpful post !

HTH

Jorge

Jorge Rodriguez

cfajardo1_2 · ‎11-24-2007

but both of this shows translation is there even though theres no actual traffic taking place.

i wanted to know whether translation is realy taking place

cfajardo1_2 · ‎11-24-2007

even though you do a clear xlate, and you do a sho xlate, it will still sh you the translation

JORGE RODRIGUEZ · ‎11-24-2007

that means either the local host is receiving traffic from outside or generating-requesting outbound traffic by some app in host.. issue in pix enable mode PIX#clear local-host IPdmz , then do show xlate see if it still has translations.

Pls rate any helpful post

Jorge

Jorge Rodriguez

srue · ‎11-25-2007

the 'show conn' command might help you on this also.

zv92470-dst · ‎11-26-2007

try "sh nat" and see if that helps.