Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

NAT: Untranslate_hits

hi,

On a 'show nat' display, what does the untranslate_hits mean as opposed to translate_hits.

thanks.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: NAT: Untranslate_hits

translate_hits = counter for real to mapped IP addresses

untranslate_hits = counter for mapped to real IP addresses

In other words NAT is a 2 way process.

real IP = 192.168.5.10

Natted IP = 195.177.12.1

translate hit is when 192.168.5.10 is changed to 195.177.12.1

untranslate hit is when 195.177.12.1 is changed back to 192.168.5.10

Jon

Hall of Fame Super Blue

Re: NAT: Untranslate_hits

Actually yes it is possible and i may have been a little imprecise in my previous answer. From the Cisco command reference for ASA

counters-translate_hits provide counters for real to mapped address conversion and untranslate_hits provide counters for mapped to real address conversion

So even though NAT is a 2 way process i'm not sure what you are seeing with the counters is the 2 way conversion. An example might help

static (inside,outside) 195.177.12.1 192.168.5.1 netmask 255.255.255.255

If the connection is initiated from the inside host 192.168.5.1 i believe you will see this as a translate_hit because it is a real to mapped IP address translation.

If the connection is initiated from the outside to the 195.177.12.1 address i believe you will see this as an untranslate_hit because this is a mapped IP to real translation.

So i don't believe that for a connection you will get both a translate_hit and an untranslate_hit, rather i think it registers as either one or the other depending on which side the connection was initiated from.

Unfortunately i don't have an ASA to test this with but it would account for the uneven counters in your output.

Jon

4 REPLIES
Hall of Fame Super Blue

Re: NAT: Untranslate_hits

translate_hits = counter for real to mapped IP addresses

untranslate_hits = counter for mapped to real IP addresses

In other words NAT is a 2 way process.

real IP = 192.168.5.10

Natted IP = 195.177.12.1

translate hit is when 192.168.5.10 is changed to 195.177.12.1

untranslate hit is when 195.177.12.1 is changed back to 192.168.5.10

Jon

New Member

Re: NAT: Untranslate_hits

In my scenario, I have noticed that the translate hits are zero and untranslate_hits is non-zero. Is this possible. I am hitting the real IP from internet.

Hall of Fame Super Blue

Re: NAT: Untranslate_hits

Actually yes it is possible and i may have been a little imprecise in my previous answer. From the Cisco command reference for ASA

counters-translate_hits provide counters for real to mapped address conversion and untranslate_hits provide counters for mapped to real address conversion

So even though NAT is a 2 way process i'm not sure what you are seeing with the counters is the 2 way conversion. An example might help

static (inside,outside) 195.177.12.1 192.168.5.1 netmask 255.255.255.255

If the connection is initiated from the inside host 192.168.5.1 i believe you will see this as a translate_hit because it is a real to mapped IP address translation.

If the connection is initiated from the outside to the 195.177.12.1 address i believe you will see this as an untranslate_hit because this is a mapped IP to real translation.

So i don't believe that for a connection you will get both a translate_hit and an untranslate_hit, rather i think it registers as either one or the other depending on which side the connection was initiated from.

Unfortunately i don't have an ASA to test this with but it would account for the uneven counters in your output.

Jon

New Member

Re: NAT: Untranslate_hits

Yup that answers my query.

8775
Views
0
Helpful
4
Replies
CreatePlease to create content