Help with xlate on ASA

Hi,

We are using Netflow on our ASA and our internet pipe inbound is at its maximum. In Netflow I can see the external IP of the site, and the destination IP is the outside IP of our firewall. How can I see what our ASA is PATing this address to internally, so I can go to the user's PC?

Thanks

3 REPLIES
New Member

Andy,

The command reference shows some options for the 'show xlate' command on the ASA which may be helpful:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s7.html#wp1308781

If you know the outside PAT port being used in the connection, you might be able to find the translation in question by using the 'show xlate gport' command.

For example, if the site was replying to 2.2.2.2:1000, you could do a 'show xlate gport 1000' to find the translation entry for this connection.

Is this what you are looking for?

Thanks!

Joey

New Member

Hi,

I must be doing something slightly wrong. If I go onto the ASA and type "sh xlate interface outside", it only shows traffic for the outside of our ASA to VPNs. Where is all the traffic to websites etc.?

For example all I'm seeing is information like below

PAT Global x.x.x.x (16095) Local 172.19.10.167(1238)

Any ideas?

Kind regards

New Member

Andy,

Is 172.19.10.x a regular internal subnet? In your example:

PAT Global x.x.x.x (16095) Local 172.19.10.167(1238)

This is saying that the local host 172.19.10.167 is being translated to the public address x.x.x.x:16095. Can you see destination port numbers using your Netflow setup? If for example you saw the following:

Netflow: Cisco.com > x.x.x.x:16095

Then we know that host 172.19.10.167 was accessing Cisco.com.

If I'm still not understanding your issue correctly, you may want to attach a 'show run' (or at least 'show int', 'show run nat', and 'show run global' if you're using 8.2 or lower).

Thanks

Joey
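
The correlation discussed in this thread (match the destination port NetFlow reports on the outside address against the PAT Global port in 'show xlate'), as an added example that is not part of the original posts. Only the 'PAT Global ... Local ...' line format and the host 172.19.10.167 come from the thread; the other addresses, ports, byte counts and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format quoted in the thread: PAT Global <ip> (<port>) Local <ip>(<port>)
XLATE_RE = re.compile(
    r"PAT Global\s+(?P<gip>\S+?)\s*\((?P<gport>\d+)\)\s+"
    r"Local\s+(?P<lip>\S+?)\s*\((?P<lport>\d+)\)"
)

# Constructed 'show xlate' capture (203.0.113.10 stands in for x.x.x.x).
SAMPLE_XLATE = """\
PAT Global 203.0.113.10 (16095) Local 172.19.10.167(1238)
PAT Global 203.0.113.10 (2044) Local 172.19.10.20(51515)
"""

# Constructed NetFlow rows: (src_ip, dst_ip, dst_port, bytes), inbound on outside.
SAMPLE_FLOWS = [
    ("198.51.100.7", "203.0.113.10", 16095, 900_000_000),
    ("198.51.100.7", "203.0.113.10", 16095, 100_000_000),
    ("198.51.100.9", "203.0.113.10", 2044, 5_000_000),
    ("198.51.100.9", "203.0.113.10", 40000, 1_000),  # no xlate entry
]

def parse_xlate(text):
    """Map (global_ip, global_port) -> (local_ip, local_port)."""
    return {
        (m["gip"], int(m["gport"])): (m["lip"], int(m["lport"]))
        for m in XLATE_RE.finditer(text)
    }

def top_inside_hosts(flows, xlate):
    """Return ([(inside_ip, bytes), ...] sorted descending, unmatched_bytes)."""
    totals, unmatched = defaultdict(int), 0
    for _src, dst_ip, dst_port, nbytes in flows:
        local = xlate.get((dst_ip, dst_port))
        if local is None:
            # Translation timed out before the capture, or not PAT traffic.
            unmatched += nbytes
        else:
            totals[local[0]] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True), unmatched

if __name__ == "__main__":
    ranked, unmatched = top_inside_hosts(SAMPLE_FLOWS, parse_xlate(SAMPLE_XLATE))
    for ip, nbytes in ranked:
        print(f"{ip:15} {nbytes:>13,} bytes")
    print(f"unmatched: {unmatched:,} bytes")
```

Capture the xlate table while the flows are still active: PAT entries time out and global ports are reused, so a stale capture can attribute traffic to the wrong inside host.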
