Cisco Support Community
Strange logs seen on ASA

Hi CSC,

I have the following setup. See attached file.

  match ip inside any inside host RSO-EX4_Private_172.16.xx.4

    NAT exempt

    translate_hits = 0, untranslate_hits = 0

  match ip inside any outside host EX4_Private_172.16.xx.4

    NAT exempt

    translate_hits = 0, untranslate_hits = 0

  match ip inside any NOA host EX4_Private_172.16.xx.4

    NAT exempt

    translate_hits = 0, untranslate_hits = 0

  match ip inside any Private-DMZ host RSO-EX4_Private_172.16.xx.4

    NAT exempt

    translate_hits = 90470, untranslate_hits = 103605

  match ip inside any NOB host EX4_Private_172.16.xx.4

    NAT exempt

    translate_hits = 0, untranslate_hits = 0

  match ip inside any management host EX4_Private_172.16.xx.4

    NAT exempt

    translate_hits = 0, untranslate_hits = 0

  match ip inside any inside any

    dynamic translation to pool 1 (No matching global)

    translate_hits = 0, untranslate_hits = 0

  match ip inside any outside any

    dynamic translation to pool 1 (Wan_interface_IP [Interface PAT])

    translate_hits = 545606, untranslate_hits = 42471

  match ip inside any NOA any

    dynamic translation to pool 1 (No matching global)

    translate_hits = 0, untranslate_hits = 0

  match ip inside any Private-DMZ any

    dynamic translation to pool 1 (No matching global)

    translate_hits = 0, untranslate_hits = 0

  match ip inside any NOB any

    dynamic translation to pool 1 (No matching global)

    translate_hits = 0, untranslate_hits = 0

  match ip inside any management any

    dynamic translation to pool 1 (No matching global)

    translate_hits = 0, untranslate_hits = 0

NAT policies on Interface outside:

  match ip outside host EX4_Public_202.xxx.xxx.38 Private-DMZ any

    static translation to EX4_Private_172.16.xx.4

    translate_hits = 0, untranslate_hits = 2

NAT policies on Interface Private-DMZ:

  match ip Private-DMZ host EX4_Private_172.16.xx.4 outside any

    static translation to EX4_Public_202.xxx.xxx.38

    translate_hits = 1360, untranslate_hits = 3655

and a few questions:

1) Am I setting up the NAT correctly?

2) What is the meaning of translated hits and untranslated hits?

3) Why is there a built inbound and a built outbound to that 172.16.xx.4 IP address when I only initiated 1 ping packet?

Feb 21 16:29:15 172.16.yy.254 :Feb 21 16:29:15 HKT: %ASA-session-6-302020: Built outbound ICMP connection for faddr EX4_Private_172.16.xx.4/0 gaddr 172.16.1xx.99/1 laddr 172.16.1xx.99/1

Feb 21 16:29:15 172.16.yy.254 :Feb 21 16:29:15 HKT: %ASA-session-6-302020: Built inbound ICMP connection for faddr EX4_Private_172.16.xx.4/0 gaddr 172.16.1xx.99/1 laddr 172.16.1xx.99/1

Feb 21 16:29:19 172.16.yy.254 :Feb 21 16:29:19 HKT: %ASA-session-6-302021: Teardown ICMP connection for faddr EX4_Private_172.16.xx.4/0 gaddr 172.16.1xx.99/1 laddr 172.16.1xx.99/1

Feb 21 16:29:19 172.16.yy.254 :Feb 21 16:29:19 HKT: %ASA-session-6-302021: Teardown ICMP connection for faddr EX4_Private_172.16.xx.4/0 gaddr 172.16.1xx.99/1 laddr 172.16.1xx.99/1

4) Could packets be lost due to misconfigured NAT rules?

Any advice? Thanks.
