ASA nat access list hit count

Jun 2nd, 2008

Can someone tell me why v7.2 of the PIX/ASA OS doesn't register hits on an access list used for NAT? I always used this on v6 to check the rule was working. The show nat command seems to be a bit random with its counters as well. Is there another way to monitor the NAT rules that I'm missing?

Farrukh Haroon Mon, 06/02/2008 - 11:21

I think that, to speed things up, NAT policy and various other lookups etc. are not performed for existing sessions (already in the state table). Perhaps this is the reason why you are seeing this behavior. So you will see a hit in the NAT statement for only the first packet in the flow (or based on some other similar criteria).



