
PAT question

mjsully
Level 1

Our PIX firewall is set up to use PAT for translating our internal users to a routable IP. We have the firewall using a syslog server. My question is if there is any way to track down who utilized a particular connection when going out through the firewall. Obviously, they all show up as the PAT address, but we need to drill down and see a particular connection going through it. Can this be done? I have not looked at the syslog yet, as our firewall is heavily hit and logs a huge amount in a short time, and I don't want to chase something that's not there if I don't have to. Thanks

1 Reply

gfullage
Cisco Employee

The syslog messages showing the building of UDP/TCP connections will show both the original source IP address and the PAT'd address, so this will tell you the info you want.

From the Logging messages reference (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm):

---------------------------------------------------------------------

302013

Error Message %PIX-6-302013: Built {inbound|outbound} TCP connection number for interface_name:real_address/real_port (mapped_address/mapped_port) to interface_name:real_address/real_port (mapped_address/mapped_port) [(user)]

Explanation A TCP connection slot between two hosts was created.

Where:

connection number is a unique identifier.

interface, real_address, real_port identify the actual sockets.

mapped_address, mapped_port identify the mapped sockets.

user is the AAA name of the user.

If inbound is specified, then the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, then the original control connection was initiated from the inside.

------------------------------------------------------------------
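
One way to pull the real (pre-PAT) host for a given mapped address and port out of a large syslog file, following the 302013 template quoted in the reply above. This is an added example, not part of the original reply or Cisco's documentation; the function names, sample addresses, ports, syslog prefix and user name are constructed for illustration.

```python
import re

# Regex follows the 302013 template quoted above. Both endpoints are captured,
# so the lookup does not depend on which side carries the PAT mapping.
ENDPOINT = r"(\S+?):([\d.]+)/(\d+) \(([\d.]+)/(\d+)\)"
BUILT = re.compile(
    r"%PIX-6-302013: Built (inbound|outbound) TCP connection (\d+) for "
    + ENDPOINT + " to " + ENDPOINT + r"(?: \(([^)]+)\))?"
)

def parse_built(line):
    """Return the fields of one 302013 message, or None for any other line."""
    m = BUILT.search(line)
    if not m:
        return None
    g = m.groups()
    def endpoint(i):
        return {"interface": g[i], "real": (g[i + 1], int(g[i + 2])),
                "mapped": (g[i + 3], int(g[i + 4]))}
    return {"direction": g[0], "conn_id": int(g[1]),
            "endpoints": [endpoint(2), endpoint(7)], "user": g[12]}

def who_used(lines, pat_ip, pat_port):
    """List the real (pre-PAT) sockets that were translated to pat_ip/pat_port.

    PAT ports are reused, so several connections can match; compare the
    timestamp in "raw" with the time of the event being investigated.
    """
    hits = []
    for line in lines:
        rec = parse_built(line)
        if rec is None:
            continue
        for ep in rec["endpoints"]:
            if ep["mapped"] == (pat_ip, pat_port) and ep["real"] != ep["mapped"]:
                hits.append({"conn_id": rec["conn_id"], "real": ep["real"],
                             "user": rec["user"], "raw": line.strip()})
    return hits

# Constructed sample lines (addresses, ports and the syslog prefix are made up).
SAMPLE_LOG = """\
Mar  3 14:02:11 fw %PIX-6-302013: Built outbound TCP connection 4011 for outside:203.0.113.80/80 (203.0.113.80/80) to inside:10.1.1.25/3456 (198.51.100.2/1025)
Mar  3 14:02:12 fw %PIX-6-302013: Built outbound TCP connection 4012 for outside:203.0.113.80/443 (203.0.113.80/443) to inside:10.1.1.77/2210 (198.51.100.2/1026) (jdoe)
Mar  3 14:02:13 fw last message repeated 2 times
""".splitlines()

if __name__ == "__main__":
    for hit in who_used(SAMPLE_LOG, "198.51.100.2", 1026):
        print(hit["conn_id"], "%s/%d" % hit["real"], hit["user"])
```

On a busy firewall, pass an open file object as `lines` so the log is streamed rather than loaded into memory.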
