Tracking Natted IPs

Unanswered Question
Oct 24th, 2008

What is the easiest way to log what private IP used a Natted public IP at a specific window of time? We recently were informed that an address (within the scope of our public addresses) was scanning ports on a network.

We have an ASDM 5.2 in place.

ricey Fri, 10/24/2008 - 04:50

From the firewall console (in enable mode), enter the command show xlate

That will show all the current address translations.

Hope that helps.

kellyrudnick Fri, 10/24/2008 - 05:19

How about logging one that occurred several hours before? How can you enable logging to track translations from a previous period of time?

Thanks for your help.

ricey Fri, 10/24/2008 - 05:54

You could enable logging at the firewall (and forward the logs to a syslog server if you have one). If you set the logging level to informational, that will generate alerts like the example below, which has both the inside private and public addresses used.

ASA-6-302013: Built outbound TCP connection 94225810 for outside: ( to inside: (

To set the logging at this level and to forward to a syslog server enter the following in config mode.

logging enable

logging trap informational

logging host inside x.x.x.x (inside being the interface associated with the NW where the logging server is, and x.x.x.x being the IP address of the logging server).

Please note: this could generate an awful lot of logging information.
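
Added example, not part of the thread: once the 302013 messages are landing on a syslog server, a short script can answer "which inside host was translated to this public IP during this window". It assumes the `Mon DD YYYY HH:MM:SS` timestamp prefix and the `interface:real/port (mapped/port)` layout of message 302013; the function name `who_used` is hypothetical and the log lines are constructed with documentation addresses. With PAT many inside hosts share one public address, so the optional `dst_ip` filter narrows the result to the network that reported the scan.

```python
import re
from datetime import datetime

# Constructed sample syslog lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Oct 24 2008 01:12:03 fw1 %ASA-6-302013: Built outbound TCP connection 94225810 for outside:198.51.100.20/22 (198.51.100.20/22) to inside:10.1.1.15/40112 (203.0.113.7/40112)
Oct 24 2008 01:12:04 fw1 %ASA-6-302013: Built outbound TCP connection 94225811 for outside:198.51.100.20/23 (198.51.100.20/23) to inside:10.1.1.15/40113 (203.0.113.7/40113)
Oct 24 2008 01:13:30 fw1 %ASA-6-302013: Built outbound TCP connection 94225812 for outside:198.51.100.99/443 (198.51.100.99/443) to inside:10.1.1.42/51000 (203.0.113.7/1025)
Oct 24 2008 03:40:00 fw1 %ASA-6-302013: Built outbound TCP connection 94230001 for outside:198.51.100.20/80 (198.51.100.20/80) to inside:10.1.1.77/33000 (203.0.113.7/33000)
Oct 24 2008 01:12:05 fw1 %ASA-6-302014: Teardown TCP connection 94225810 for outside:198.51.100.20/22 to inside:10.1.1.15/40112 duration 0:00:01 bytes 0 TCP Reset-O
"""

# Assumed layout: "<timestamp> <host> %ASA-6-302013: Built outbound TCP connection N
#   for <if>:<dst>/<port> (<mapped dst>) to <if>:<real src>/<port> (<mapped src>/<port>)"
BUILT = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) .*?%ASA-6-302013: Built outbound TCP connection \d+ "
    r"for [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) "
    r"to [^:\s]+:(?P<real>[\d.]+)/\d+ \((?P<mapped>[\d.]+)/\d+\)"
)

def who_used(log_text, public_ip, start, end, dst_ip=None):
    """Return {private_ip: [(timestamp, dst_ip, dst_port), ...]} for outbound
    connections translated to public_ip between start and end (inclusive)."""
    hits = {}
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m or m["mapped"] != public_ip:
            continue  # not a connection-built message for the reported address
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        if not (start <= ts <= end):
            continue  # outside the reported time window
        if dst_ip and m["dst"] != dst_ip:
            continue  # PAT: keep only traffic toward the complaining network
        hits.setdefault(m["real"], []).append((ts, m["dst"], int(m["dport"])))
    return hits

if __name__ == "__main__":
    window = (datetime(2008, 10, 24, 1, 0), datetime(2008, 10, 24, 2, 0))
    for ip, conns in who_used(SAMPLE_LOG, "203.0.113.7", *window).items():
        print(ip, len(conns), "connections, first at", conns[0][0])
```

The firewall and the reporting party must agree on the clock (time zone, NTP) for the window to line up.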

