Possible software bug with Static NAT in ASA 5540 code 8.0(4)28

Unanswered Question
Mar 23rd, 2010
User Badges:

hi I was wondering if anyone may have run into this situation with the Cisco ASA 5540 running code version 8.0 (4)28 and know of any possible bug in regards to static NAT mapping. Here is a brief summary:

We have a syslog server that resides behind a Cisco ASA 5540 running code version 8.0 (4) 28 in a data center.This syslog server is responsible for collecting all the sys log from the nation-wide office ASA 5540s and this syslog server only runs a internal static IP and interface with the outside word with a static NAT to a external IP on the Cisco ASA in the data center.  Recently we decided to upgrade the server to a more powerful box and thus changed the static NAT in the ASA reflect the change (external IP remain the same while the internal IP has changed).

Nonetheless I noticed that office ASA  which used to send the syslog using the exact same external addresses are still  sending the logs to the old server IP instead of the new server IP used in the static NAT. Could it be a bug on this code version that is causing the problem ? If so, what is the bug ID number. Any suggestion or advice will be appreciated. thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Wed, 03/24/2010 - 03:50
User Badges:
  • Cisco Employee,

Did you perform a "clear xlate" on that old host after you made changes to the static statement?

If you don't, the new static statement will not take effect since there is constant connectivity towards the syslog server, the idle timeout will not kick i. Hence you will need to manually clear the xlate for that old host.

Hope that helps.

wingchingleung Wed, 03/24/2010 - 07:52
User Badges:

Yes I have manually cleared the xlate after the change in the static mapping and right now as I do the show xlate it is showing the external IP is mapped to the correct (new)  internal server.

The funny thing I did notice is that almost all of my office external brocade switches are sending  the syslog to the new internal server (via the external IP address mapping) but none of my cisco ASA are sending the syslog to the new server. They are still sending it to the old internal server which has no static mapping to an external address right now.

Jennifer Halim Wed, 03/24/2010 - 14:12
User Badges:
  • Cisco Employee,

Are all the ASAs configured to send syslog to the external or internal ip address of the syslog server?

Maybe all the ASAs are configured to send syslog to the internal IP and it still is configured with the old internal ip instead of the new one.

wingchingleung Wed, 03/24/2010 - 14:22
User Badges:

I upgraded the code to 8.2(2) this morning and that resolved the issue. All the office ASA are configured to send syslog to the external IP address and just for reasons I don't know (which I still lean towards a bug in the old code on the ASA that does the static NAT) the syslog are not reaching to the right internal syslog server through the static NAT.

Anyhow. All is working now after i upgraded the code but i am still curious on what bug it could have been on the 8.0(4)28. thanks for your help !


This Discussion