New Member

Tracking Natted IPs

What is the easiest way to log what private IP used a Natted public IP at a specific window of time? We recently were informed that address 174.103.12.45 (within the scope of our public addresses) was scanning ports on a network.

We have an ASDM 5.2 in place.

3 REPLIES
New Member

Re: Tracking Natted IPs

From the firewall console (in enable mode), enter the command show xlate

That will show all the current address translations.

Hope that helps.

New Member

Re: Tracking Natted IPs

How about logging one that occurred several hours before? How can you enable logging to track translations from a previous period of time?

Thanks for your help.

New Member

Re: Tracking Natted IPs

You could enable logging at the firewall (and forward the logs to a syslog server if you have one). If you set the logging level to informational, that will generate alerts such as the example below, which has both the inside private and public addresses used.

ASA-6-302013: Built outbound TCP connection 94225810 for outside:64.233.183.147/80 (64.233.183.147/80) to inside:10.160.42.68/4057 (12.12.12.129/43498)

To set the logging at this level and to forward to a syslog server enter the following in config mode.

logging enable

logging trap informational

logging host inside x.x.x.x (inside being the interface associated with the NW where the logging server is, and x.x.x.x being the IP address of the logging server).

Please note: this could generate an awful lot of logging information.
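
Once these 302013 messages are stored on a syslog server, finding which private host used a public address in a given window is a filter on the translated address and the timestamp. The sketch below is an added example, not part of the original thread: the function names are hypothetical, the sample lines are constructed, and it assumes the collector prefixes each line with an ISO-8601 timestamp.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the ASA-6-302013 "Built ... TCP connection" message quoted in the thread.
# Assumption: the address after "to <interface>:" is the real (private) host and
# the parenthesised address after it is the translated (public) one.
BUILT_TCP = re.compile(
    r"ASA-6-302013: Built (?:inbound|outbound) TCP connection \d+ for "
    r"\S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\) to "
    r"\S+?:(?P<real>[\d.]+)/(?P<rport>\d+) \((?P<mapped>[\d.]+)/(?P<mport>\d+)\)"
)

# Constructed sample lines (documentation address ranges). The leading ISO-8601
# timestamp is an assumption about how the syslog collector stores each line.
_P = "fw1 %ASA-6-302013: Built outbound TCP connection"
SAMPLE_LOG = f"""\
2011-03-14T08:59:58 {_P} 9001 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.160.42.12/4001 (203.0.113.45/40001)
2011-03-14T09:15:02 {_P} 9002 for outside:198.51.100.20/22 (198.51.100.20/22) to inside:10.160.42.68/4057 (203.0.113.45/43498)
2011-03-14T09:15:02 {_P} 9003 for outside:198.51.100.20/23 (198.51.100.20/23) to inside:10.160.42.68/4058 (203.0.113.45/43499)
2011-03-14T09:15:03 {_P} 9004 for outside:198.51.100.20/25 (198.51.100.20/25) to inside:10.160.42.68/4059 (203.0.113.45/43500)
2011-03-14T09:15:05 fw1 %ASA-6-302014: Teardown TCP connection 9002 for outside:198.51.100.20/22 to inside:10.160.42.68/4057 duration 0:00:01 bytes 0
2011-03-14T09:20:10 {_P} 9005 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.160.42.90/4100 (203.0.113.46/5000)
2011-03-14T09:30:00 {_P} 9006 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.160.42.12/4002 (203.0.113.45/40002)
"""

def find_inside_hosts(lines, public_ip, start, end):
    """Return connections translated to public_ip with a timestamp in [start, end]."""
    hits = []
    for line in lines:
        m = BUILT_TCP.search(line)
        if not m or m["mapped"] != public_ip:
            continue
        try:
            ts = datetime.fromisoformat(line.split(maxsplit=1)[0])
        except ValueError:
            continue  # no parseable timestamp, so it cannot be placed in the window
        if start <= ts <= end:
            hits.append({"time": ts, "inside_ip": m["real"], "inside_port": int(m["rport"]),
                         "mapped_port": int(m["mport"]), "dest": f'{m["dst"]}:{m["dport"]}'})
    return hits

def summarize(hits):
    """Count connections per inside host, busiest first."""
    return Counter(h["inside_ip"] for h in hits).most_common()

if __name__ == "__main__":
    window = (datetime(2011, 3, 14, 9, 0), datetime(2011, 3, 14, 10, 0))
    for ip, count in summarize(find_inside_hosts(SAMPLE_LOG.splitlines(), "203.0.113.45", *window)):
        print(f"{ip}: {count} connection(s)")
```

When several inside hosts share one public address through port translation, the mapped_port field is what ties a reported source port back to a single host.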
