NAT: Untranslate_hits

Answered Question
Nov 29th, 2008

Hi,

On a 'show nat' display, what does the untranslate_hits mean as opposed to translate_hits?

thanks.

Correct Answer
Jon Marshall Sat, 11/29/2008 - 08:27

translate_hits = counter for real to mapped IP addresses

untranslate_hits = counter for mapped to real IP addresses

In other words NAT is a 2 way process.

real IP = 192.168.5.10

Natted IP = 195.177.12.1

translate hit is when 192.168.5.10 is changed to 195.177.12.1

untranslate hit is when 195.177.12.1 is changed back to 192.168.5.10

Jon

new_networker Sat, 11/29/2008 - 09:32

In my scenario, I have noticed that the translate_hits are zero and untranslate_hits is non-zero. Is this possible? I am hitting the real IP from the internet.

Correct Answer
Jon Marshall Sat, 11/29/2008 - 09:58

Actually yes, it is possible, and I may have been a little imprecise in my previous answer. From the Cisco command reference for ASA:

counters-translate_hits provide counters for real to mapped address conversion and untranslate_hits provide counters for mapped to real address conversion

So even though NAT is a 2 way process, I'm not sure what you are seeing with the counters is the 2 way conversion. An example might help:

static (inside,outside) 195.177.12.1 192.168.5.1 netmask 255.255.255.255

If the connection is initiated from the inside host 192.168.5.1, I believe you will see this as a translate_hit because it is a real to mapped IP address translation.

If the connection is initiated from the outside to the 195.177.12.1 address, I believe you will see this as an untranslate_hit because this is a mapped IP to real translation.

So I don't believe that for a connection you will get both a translate_hit and an untranslate_hit; rather, I think it registers as either one or the other depending on which side the connection was initiated from.

Unfortunately I don't have an ASA to test this with, but it would account for the uneven counters in your output.

Jon
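
Added example (not part of the thread and not Cisco code): a parser for 'show nat' output that labels each policy by which counter has moved, using the reading given in the answer above (translate_hits for inside-initiated connections, untranslate_hits for outside-initiated ones). The output layout is assumed to be the pre-8.3 ASA format, and the sample text, counter values and label names are constructed for illustration.

```python
import re

# Constructed sample in the assumed pre-8.3 ASA 'show nat' layout.
# The first policy reuses the static from the thread; all counters are invented.
SAMPLE = """\
NAT policies on Interface inside:
  match ip inside host 192.168.5.1 outside any
    static translation to 195.177.12.1
    translate_hits = 0, untranslate_hits = 412
  match ip inside 192.168.5.0 255.255.255.0 outside any
    dynamic translation to pool 1 (195.177.12.2 [Interface PAT])
    translate_hits = 9310, untranslate_hits = 57
  match ip inside host 192.168.5.20 outside any
    static translation to 195.177.12.20
    translate_hits = 0, untranslate_hits = 0
"""

# One policy = a "match" line, an action line, then the counter line.
POLICY = re.compile(
    r"^[ \t]*(match .+)\n[ \t]*(.+)\n"
    r"[ \t]*translate_hits\s*=\s*(\d+),\s*untranslate_hits\s*=\s*(\d+)",
    re.M,
)

def parse_show_nat(text):
    """Return one dict per NAT policy found in 'show nat' output."""
    return [
        {"match": m[1].strip(), "action": m[2].strip(),
         "translate_hits": int(m[3]), "untranslate_hits": int(m[4])}
        for m in POLICY.finditer(text)
    ]

def classify(policy):
    """Label a policy by which counter moved (hypothetical label names)."""
    t, u = policy["translate_hits"], policy["untranslate_hits"]
    if t == 0 and u == 0:
        return "unused"                  # candidate for rule cleanup
    if t == 0:
        return "outside-initiated-only"  # mapped -> real only: inbound exposure
    if u == 0:
        return "inside-initiated-only"   # real -> mapped only
    return "both-directions"

if __name__ == "__main__":
    for p in parse_show_nat(SAMPLE):
        print(f"{classify(p):24} {p['action']}")
```

The first policy reproduces the poster's situation: translate_hits of zero with a non-zero untranslate_hits, which under this reading means the static is only being reached from the outside.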
