Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Debuging NAT on ASA

Hi,

I don't know this is possible (I can't find it how) but I would like to debug all translations the ASA performs. I would like to view in realtime all translations.

Show xlate is a way to view translations I guess, but it is not what I was looking for.

Is there any way I can get this done?

Thank you,

Jan

5 REPLIES
Silver

Re: Debuging NAT on ASA

To display active Network Address Translation (NAT) translations, use the "show ip nat translations" command in EXEC mode.

Refer the following url for more info:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp1082204

Re: Debuging NAT on ASA

Jan-

What Shumon suggested will only work on routers. With the new ASA's I have not been able to find a command to debug NAT.

Community Member

Re: Debuging NAT on ASA

show local-host, show connection could help even they're not exclusively related to NAT.

You could also use the command :

"logging list event_list message start" with the Message 202001 (out of translation slots) and messages 305009 through

305011 (translations built and torn down)

Regards

Re: Debuging NAT on ASA

I'm also unaware of any command that can help you debug NAT. You can use the following tough:

show xlate [det | debug]

show conn det [all]

show local-host [all]

show nat

Regards

Farrukh

Community Member

Re: Debuging NAT on ASA

I would like to inform you that this can be checked with the command :

“show xlate global <ip address>”

You can read more about it at the below link :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s14.html#pgfId-1336424

10026
Views
0
Helpful
5
Replies
CreatePlease to create content