Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

How to view NATting on ASA 5510?

Hi,

configured static NAT with the rules applied to it, i wanted to view the public IP users who is hitting my server residing behind the ASA with the private IP configured& accessing the specified port

Internet User ---->Internet Router----> ASA ------> All My Servers

rules i applied to access only webserver & ftp as an example.

My requirement is to view which public IP is using which webserver or ftp server ip address on which port.

eg. 1.1.1.1 ------->100.1.1.1---->192.168.1.1 port 21

1.1.1.1------>100.1.1.2----->192.168.1.2 port 80

where 1.1.1.1 is the internet user

100.1.1.1 & 100.1.1.2 is the my actual ftp server & web server, but configured on ASA to do a static NAT to 192.16.1.1 & 192.168.1.2

2 REPLIES
Cisco Employee

Re: How to view NATting on ASA 5510?

Enable logging, that would tell you the sequence of events, when and which ip address tried to access which host on the inside.

logging on

logging monitor 6

term mon

If ASA has lot of traffic flowing across, it is recommended to configure a syslog for the same, do not use monitor logging in that case.

-Kanishka

Cisco Employee

Re: How to view NATting on ASA 5510?

one more workaround to view the public ip addresses which are accessing your internal server is the command :

sh conn detail | grep

you'll see all the existing connections.

the connection detail give you the internet ip address accesisng the internal server,the port on which the connection is made ,the state of the ocnnection and the time too.

Please rate if this helps!!

Regards,

Sushil

127
Views
0
Helpful
2
Replies
CreatePlease to create content