NAT: Untranslate_hits

new_networker
Level 1

Hi,

On a 'show nat' display, what does untranslate_hits mean as opposed to translate_hits?

Thanks.


Jon Marshall
Hall of Fame

translate_hits = counter for real to mapped IP addresses

untranslate_hits = counter for mapped to real IP addresses

In other words NAT is a 2 way process.

real IP = 192.168.5.10

Natted IP = 195.177.12.1

translate hit is when 192.168.5.10 is changed to 195.177.12.1

untranslate hit is when 195.177.12.1 is changed back to 192.168.5.10

Jon

In my scenario, I have noticed that the translate_hits are zero and untranslate_hits is non-zero. Is this possible? I am hitting the real IP from the internet.

Actually, yes, it is possible, and I may have been a little imprecise in my previous answer. From the Cisco command reference for ASA:

counters-translate_hits provide counters for real to mapped address conversion and untranslate_hits provide counters for mapped to real address conversion

So even though NAT is a 2-way process, I'm not sure that what you are seeing with the counters is the 2-way conversion. An example might help:

static (inside,outside) 195.177.12.1 192.168.5.1 netmask 255.255.255.255

If the connection is initiated from the inside host 192.168.5.1, I believe you will see this as a translate_hit because it is a real to mapped IP address translation.

If the connection is initiated from the outside to the 195.177.12.1 address, I believe you will see this as an untranslate_hit because this is a mapped IP to real translation.

So I don't believe that for a connection you will get both a translate_hit and an untranslate_hit; rather, I think it registers as either one or the other depending on which side the connection was initiated from.

Unfortunately I don't have an ASA to test this with, but it would account for the uneven counters in your output.

Jon

Yup that answers my query.

So complex to be exact without more information; I can just imagine a scenario where the real IP needs to go out as another "mapped" but not be contacted from "outside traffic".
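An added example, not part of the original thread and not Cisco code: a small parser that applies the reading of the counters given in the answers above to saved `show nat` output, so that mappings reached only from the mapped side, or never used at all, stand out during a NAT rule review. The sample text is constructed, and the layout around the counter line, the extra addresses and the function names are assumptions.

```python
import re

# Counter line named in the thread: "translate_hits = N, untranslate_hits = M".
COUNTERS = re.compile(r"\btranslate_hits\s*=\s*(\d+)\s*,\s*untranslate_hits\s*=\s*(\d+)")

# Constructed sample; the layout around the counter line is an assumption.
SAMPLE = """\
NAT policies on Interface inside:
  match ip inside host 192.168.5.1 outside any
    static translation to 195.177.12.1
    translate_hits = 0, untranslate_hits = 14
  match ip inside 192.168.5.0 255.255.255.0 outside any
    dynamic translation to pool 1 (195.177.12.2)
    translate_hits = 230, untranslate_hits = 0
  match ip inside host 192.168.5.20 outside any
    static translation to 195.177.12.3
    translate_hits = 0, untranslate_hits = 0
"""

def classify(translate, untranslate):
    """Label a rule by which conversions its counters have recorded."""
    if translate and untranslate:
        return "both"
    if translate:
        return "real-to-mapped only"   # per the thread: initiated from the real side
    if untranslate:
        return "mapped-to-real only"   # per the thread: initiated toward the mapped IP
    return "unused"

def parse_show_nat(text):
    """Return one dict per counter line, with the rule text that precedes it."""
    rules, pending = [], []
    for line in text.splitlines():
        m = COUNTERS.search(line)
        if m:
            t, u = int(m.group(1)), int(m.group(2))
            rules.append({"rule": " / ".join(pending), "translate_hits": t,
                          "untranslate_hits": u, "direction": classify(t, u)})
            pending = []
        elif line.strip() and not line.rstrip().endswith(":"):
            pending.append(line.strip())  # rule description; section headers skipped
    return rules

if __name__ == "__main__":
    for r in parse_show_nat(SAMPLE):
        print(f'{r["direction"]:<20} {r["translate_hits"]:>5} '
              f'{r["untranslate_hits"]:>5}  {r["rule"]}')
```

Rules reported as "unused" over a long counter window are candidates for removal, and "mapped-to-real only" rules are the static mappings actually being reached from the mapped side.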
