ASA nat access list hit count

Unanswered Question
Jun 2nd, 2008

Can someone tell me why v7.2 of the PIX/ASA OS doesn't register hits on an access list used for NAT? I always used this on v6 to check the rule was working. The show nat command seems to be a bit random with its counters as well. Is there another way to monitor the NAT rules that I'm missing?

Farrukh Haroon Mon, 06/02/2008 - 11:21

I think that, to speed things up, for existing sessions (already in the state table) NAT policy and various other lookups, etc. are not performed. Perhaps this is the reason why you are seeing this behavior. So you will see a hit in the NAT statement for only the first packet in the flow (or based on some other similar criteria).



