We need a solution to track NAT Translation for ASA Firewalls on CS-MARS.
Currently we are forwarding the following information to MARS.
logging list xlate-log level warnings class ip
logging list xlate-log message 202001
logging list xlate-log message 305009-305011
logging trap xlate-log
In MARS there is a predefined report called: (All) NAT Connections (Total View). Though, when I run it, it doesn't show anything. Perhaps it was written with Router NAT Translation logging, or perhaps I should be logging something else?
NetFlow security event logging (NSEL)— Available on ASA5580 running Version 8.1.x, provides the same type of information as syslog but more efficiently, saving CPU cycles on both the Cisco ASA appliance and CS-MARS. Both connection information and NAT translation data are combined in the same NSEL records, reducing the overall number of records exported compared to syslog.
This is probably a stupid question, but are you clicking "resubmit" to run it, not just "view report"? The latter only shows data if the report has been run before, and by default that report isn't scheduled.
Have you tried running a query using the "NAT Connection Report" result format? We don't use ASA, so can't speak to specific messages required. If you're not seeing anything in the above query, you should try turning on all logging (debug), and if the query then returns data, you know you're missing logs.
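A complementary check on the sending side, as an added example that is not part of the thread: given a capture of what the ASA actually sends to its syslog destination, count which message IDs from the xlate-log list appear and pull the real-to-mapped pairs out of the 305011 messages. The sample lines, the host name asa1 and the assumed 305011 text layout are constructed for illustration.

```python
import re
from collections import Counter

# Message IDs selected by the xlate-log logging list in the original post.
EXPECTED_IDS = {202001, 305009, 305010, 305011}

# ASA syslog tag: %ASA-<severity>-<message id>: <text>
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6}):\s*(.*)")
# Assumed text layout of a 305011 port-translation message.
BUILT_XLATE = re.compile(
    r"Built (dynamic|static) (TCP|UDP|ICMP) translation from "
    r"(\S+?):([\d.]+)/(\d+) to (\S+?):([\d.]+)/(\d+)"
)

# Constructed sample capture (documentation/private addresses, hypothetical host).
SAMPLE_LINES = [
    "Jan 10 12:00:01 asa1 %ASA-6-305011: Built dynamic TCP translation from "
    "inside:10.1.1.20/51234 to outside:192.0.2.10/40001",
    "Jan 10 12:00:02 asa1 %ASA-6-302013: Built outbound TCP connection 101 for "
    "outside:198.51.100.5/443 (198.51.100.5/443) to inside:10.1.1.20/51234 "
    "(192.0.2.10/40001)",
    "Jan 10 12:00:03 asa1 %ASA-6-305009: Built static translation from "
    "inside:10.1.1.5 to outside:192.0.2.5",
    "Jan 10 12:00:04 asa1 %ASA-6-305011: Built dynamic UDP translation from "
    "inside:10.1.1.21/53000 to outside:192.0.2.10/40002",
    "not an ASA line at all",
]

def summarize(lines):
    """Return (counts per expected ID, expected IDs never seen, 305011 mappings)."""
    seen, xlates = Counter(), []
    for line in lines:
        tag = ASA_TAG.search(line)
        if not tag or int(tag.group(2)) not in EXPECTED_IDS:
            continue  # other message IDs and non-ASA lines are ignored
        msg_id = int(tag.group(2))
        seen[msg_id] += 1
        built = BUILT_XLATE.search(tag.group(3)) if msg_id == 305011 else None
        if built:
            kind, proto, r_if, r_ip, r_port, m_if, m_ip, m_port = built.groups()
            xlates.append({"proto": proto, "real": f"{r_if}:{r_ip}/{r_port}",
                           "mapped": f"{m_if}:{m_ip}/{m_port}"})
    return seen, sorted(EXPECTED_IDS - set(seen)), xlates

if __name__ == "__main__":
    counts, missing, mappings = summarize(SAMPLE_LINES)
    print("seen:", dict(counts))
    print("expected but absent:", missing)
    for m in mappings:
        print(m["proto"], m["real"], "->", m["mapped"])
```

If the expected IDs show up in the capture but the MARS report is still empty, the gap is on the report or parsing side rather than in the ASA logging list.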