NAT: Untranslate_hits

Answered Question
Nov 29th, 2008

Hi,


On a 'show nat' display, what does the untranslate_hits mean as opposed to translate_hits?


thanks.


Overall Rating: 5 (2 ratings)
Correct Answer
Jon Marshall Sat, 11/29/2008 - 08:27

translate_hits = counter for real to mapped IP addresses

untranslate_hits = counter for mapped to real IP addresses


In other words, NAT is a 2-way process.


real IP = 192.168.5.10

Natted IP = 195.177.12.1


Translate hit is when 192.168.5.10 is changed to 195.177.12.1


Untranslate hit is when 195.177.12.1 is changed back to 192.168.5.10


Jon

new_networker Sat, 11/29/2008 - 09:32


In my scenario, I have noticed that the translate_hits are zero and untranslate_hits is non-zero. Is this possible? I am hitting the real IP from the internet.

Correct Answer
Jon Marshall Sat, 11/29/2008 - 09:58

Actually yes, it is possible, and I may have been a little imprecise in my previous answer. From the Cisco command reference for ASA:


counters-translate_hits provide counters for real to mapped address conversion and untranslate_hits provide counters for mapped to real address conversion


So even though NAT is a 2-way process, I'm not sure what you are seeing with the counters is the 2-way conversion. An example might help:


static (inside,outside) 195.177.12.1 192.168.5.1 netmask 255.255.255.255


If the connection is initiated from the inside host 192.168.5.1, I believe you will see this as a translate_hit because it is a real to mapped IP address translation.


If the connection is initiated from the outside to the 195.177.12.1 address, I believe you will see this as an untranslate_hit because this is a mapped IP to real translation.


So I don't believe that for a connection you will get both a translate_hit and an untranslate_hit; rather, I think it registers as either one or the other depending on which side the connection was initiated from.


Unfortunately I don't have an ASA to test this with, but it would account for the uneven counters in your output.


Jon
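
A small parser for the counters discussed in this thread, added here as an example (not code from the thread or from Cisco). It labels each NAT policy by which conversion direction has registered hits, following the reading given in the answer above; the sample output, the assumed pre-8.3 `show nat` layout, all addresses other than 192.168.5.1 and 195.177.12.1, and the function names are constructed for illustration.

```python
import re

# Constructed sample, laid out like pre-8.3 ASA "show nat" output (assumed format).
SAMPLE_SHOW_NAT = """\
NAT policies on Interface inside:
  match ip inside host 192.168.5.1 outside any
    static translation to 195.177.12.1
    translate_hits = 0, untranslate_hits = 12
  match ip inside host 192.168.5.2 outside any
    static translation to 195.177.12.2
    translate_hits = 7, untranslate_hits = 0
  match ip inside host 192.168.5.3 outside any
    static translation to 195.177.12.3
    translate_hits = 3, untranslate_hits = 9
  match ip inside host 192.168.5.4 outside any
    static translation to 195.177.12.4
    translate_hits = 0, untranslate_hits = 0
"""

COUNTERS = re.compile(r"\btranslate_hits\s*=\s*(\d+),\s*untranslate_hits\s*=\s*(\d+)")

def parse_show_nat(text):
    """Return one dict per policy: match line, translation line, both counters."""
    policies, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("match "):
            current = {"match": line, "translation": None}
        elif current is not None and "translation to" in line:
            current["translation"] = line
        elif current is not None and (m := COUNTERS.search(line)):
            current["translate_hits"] = int(m.group(1))
            current["untranslate_hits"] = int(m.group(2))
            policies.append(current)
            current = None
    return policies

def hit_direction(policy):
    """Label a policy by which conversion direction registered hits."""
    t, u = policy["translate_hits"], policy["untranslate_hits"]
    if t and u:
        return "both directions"
    if t:
        return "real-to-mapped only"   # connections opened from the real host
    if u:
        return "mapped-to-real only"   # connections opened to the mapped address
    return "no hits"

if __name__ == "__main__":
    for p in parse_show_nat(SAMPLE_SHOW_NAT):
        print(p["match"], "->", hit_direction(p))
```

The first sample policy reproduces the case raised in the thread: zero translate_hits with non-zero untranslate_hits.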
