Cisco Support Community

New Member

How to track NAT xlate entries (ASA5550, 7.2)

Management wants to track our xlate table (NAT) history. The ASA does not seem to have the CISCO-IETF-NAT-MIB SNMP MIB and there do not seem to be any SNMP traps generated by xlate entry creation to removal, so the only way to do this seems to be to just log in to the box with an expect script and capture the output of "show xlate" every hour or so.

Has anyone come up with a better approach than this for the ASA? Thanks -w

2 REPLIES
Cisco Employee

Re: How to track NAT xlate entries (ASA5550, 7.2)

I am not sure if there is an OID for this.

If you are looking to archive the x-late creation, perhaps you can save the syslogs:

Sep 23 2009 14:53:00: %ASA-6-305011: Built dynamic TCP translation from inside:192.168.2.2/3498 to outside:172.18.254.34/8779

The following in particular for building translation for a particular host on the inside to the outside.

Here is the syslog link for the ASA 7.2

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html
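An added example, not part of the original reply: a Python sketch that turns archived syslog into an xlate history by pairing each 305011 "Built" message with its matching teardown. The teardown message (305012, with the same from/to layout) is not mentioned in the thread and is assumed here, and the sample lines are constructed apart from the one quoted above.

```python
import re
from datetime import datetime

# Constructed sample log. The first line is the one quoted in the reply;
# the 305012 teardown line and the 111008 noise line are assumptions.
SAMPLE = """\
Sep 23 2009 14:53:00: %ASA-6-305011: Built dynamic TCP translation from inside:192.168.2.2/3498 to outside:172.18.254.34/8779
Sep 23 2009 14:53:05: %ASA-6-305011: Built dynamic UDP translation from inside:192.168.2.7/53211 to outside:172.18.254.34/1025
Sep 23 2009 14:53:30: %ASA-6-305012: Teardown dynamic TCP translation from inside:192.168.2.2/3498 to outside:172.18.254.34/8779 duration 0:00:30
Sep 23 2009 14:54:00: %ASA-5-111008: User 'enable_15' executed the 'show xlate' command.
"""

XLATE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d): %ASA-6-30501[12]: "
    r"(?P<event>Built|Teardown) (?P<kind>dynamic|static) (?P<proto>\w+) "
    r"translation from (?P<real_if>[^:\s]+):(?P<real>\S+) "
    r"to (?P<map_if>[^:\s]+):(?P<mapped>\S+)"
)

def parse_xlate(line):
    """Return a dict for a translation build/teardown line, else None."""
    m = XLATE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %Y %H:%M:%S")
    return rec

def xlate_history(lines):
    """Pair Built/Teardown events; return (closed, still_open) records."""
    active, closed = {}, []
    for line in lines:
        rec = parse_xlate(line)
        if rec is None:
            continue  # unrelated syslog message
        key = (rec["proto"], rec["real"], rec["mapped"])
        if rec["event"] == "Built":
            active[key] = rec
        elif key in active:  # teardown with no logged build is skipped
            start = active.pop(key)
            seconds = (rec["ts"] - start["ts"]).total_seconds()
            closed.append({**start, "end": rec["ts"], "seconds": seconds})
    return closed, list(active.values())

if __name__ == "__main__":
    done, live = xlate_history(SAMPLE.splitlines())
    for r in done:
        print(r["proto"], r["real"], "->", r["mapped"], r["seconds"], "s")
    print("still active:", [(r["real"], r["mapped"]) for r in live])
```
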

New Member

Re: How to track NAT xlate entries (ASA5550, 7.2)

Thanks for finding those syslog messages for me - I was searching for "NAT", "xlate", etc. I'm going to keep using expect. To get those entries logged I'd have to enable Info-level syslog and that is just too much stuff. Doesn't look like I can override individual messages on with "logging message 305011" like I can disable them with "no logging message 305011".
