I try to analyze a complex PIX config and would like to analyze the NAT usage. There are ALL variations of NATing in it, therefore I get static, dynamic, nat exemption etc.
I can see how I could trace down dynamic NAT (by counting "built dynamic TCP translation" in the syslog data) and ACL-based NAT (via acl counters).
Any idea how to trace static NAT usage und exemption / nat 0 usage ? As a last ressort, permit ACLs would be an idea (and then have counters on them), but I´d like a more comfortable way.
Any hints on tools are welcome as well, currently I test FireGen which looks quite nice and is affordable.