NAT Translation Reports for ASA

Unanswered Question
May 6th, 2009

We need a solution to track NAT Translation for ASA Firewalls on CS-MARS.

Currently we are forwarding the following information to MARS.

logging list xlate-log level warnings class ip

logging list xlate-log message 202001

logging list xlate-log message 305009-305011

logging trap xlate-log

In MARS there is a predefined report called: (All) NAT Connections (Total View). Though, when I run it, it doesn't show anything. Perhaps it was written with Router NAT Translation logging or perhaps I should be logging something else?

Any Ideas?

Anonymous (not verified) Wed, 05/13/2009 - 08:11

NetFlow security event logging (NSEL)— Available on ASA5580 running Version 8.1.x, provides the same type of information as syslog but more efficiently, saving CPU cycles on both the Cisco ASA appliance and CS-MARS. Both connection information and NAT translation data are combined in the same NSEL records, reducing the overall number of records exported compared to syslog.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap10.html#wp1053059

mhellman Mon, 05/18/2009 - 08:33

This is probably a stupid question, but are you clicking "resubmit" to run it, not just "view report"? The latter only shows data if the report has been run before, and by default that report isn't scheduled.

Have you tried running a query using the "NAT Connection Report" result format? We don't use ASA, so can't speak to specific messages required. If you're not seeing anything in the above query, you should try turning on all logging (debug), and if the query then returns data, you know you're missing logs.

Farrukh Haroon Wed, 05/20/2009 - 02:08

As others have suggested, enable level 7 debugging to syslog and then check if the reports can be generated. Then proceed from there.

Regards

Farrukh
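One way to check whether the translation messages selected in the question are actually arriving at a syslog collector, before looking at the MARS report itself. This is an added example, not part of the thread: the sample log lines are constructed, and the message text layout for 305009-305011 is assumed to follow Cisco's documented ASA syslog format.

```python
import re
from collections import Counter

# Message selections from the event list posted in the question.
LOGGING_LIST = """\
logging list xlate-log message 202001
logging list xlate-log message 305009-305011
"""

# Constructed sample syslog lines (not captured from a real device).
SAMPLE = """\
May 06 2009 10:01:02: %ASA-6-305011: Built dynamic TCP translation from inside:10.1.1.5/1025 to outside:192.0.2.10/2048
May 06 2009 10:01:03: %ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.5/1025 (192.0.2.10/2048)
May 06 2009 10:01:09: %ASA-6-305009: Built static translation from inside:10.1.1.20 to outside:192.0.2.20
May 06 2009 10:02:00: %ASA-6-305010: Teardown static translation from inside:10.1.1.20 to outside:192.0.2.20 duration 0:00:51
"""

MSG_ID = re.compile(r"%ASA-(\d)-(\d{6}):")
# Matches 305009 (no protocol) and 305011 (TCP/UDP/ICMP with ports).
BUILT = re.compile(r"Built (\w+) (?:(TCP|UDP|ICMP) )?translation from "
                   r"(\S+?):(\S+) to (\S+?):(\S+)")

def selected_ids(config):
    """Expand 'logging list <name> message A[-B]' lines into a set of IDs."""
    ids = set()
    for m in re.finditer(r"logging list \S+ message (\d+)(?:-(\d+))?", config):
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        ids.update(range(lo, hi + 1))
    return ids

def audit(log_text, wanted):
    """Count received messages per wanted ID and collect built translations."""
    seen, xlates = Counter(), []
    for line in log_text.splitlines():
        m = MSG_ID.search(line)
        if not m or int(m.group(2)) not in wanted:
            continue  # not an ASA message, or not one the list selects
        seen[int(m.group(2))] += 1
        b = BUILT.search(line)
        if b:
            xlates.append((b.group(4), b.group(6)))  # (real, mapped)
    missing = sorted(wanted - set(seen))
    return seen, missing, xlates

if __name__ == "__main__":
    seen, missing, xlates = audit(SAMPLE, selected_ids(LOGGING_LIST))
    print("seen:", dict(seen), "never seen:", missing)
    for real, mapped in xlates:
        print(real, "->", mapped)
```

If the selected IDs show up here but the MARS report stays empty, the gap is on the reporting side rather than in the ASA logging configuration.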
