Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

PIX 515e Sh Xlate and inside users

I have a Pix 515e and when I do a show xlate I see the outside "destenation" IP address and the natted address with port numbers. My question is how do I correlated the natted address with port numbers to a inside users IP address?

  • Other Security Subjects
4 REPLIES
New Member

Re: PIX 515e Sh Xlate and inside users

I had to reread this a couple of times to fully understand the intent.

XLATE refers to PAT (Global) so what you are seeing is the PIX box creating internal port maps to internal port maps. Theres little to correlate other than there is a reasignment. Meaning I don't know of any way or need to try to manipulate the port translation.

Could you be a bit more specific as to what your trying to accomplish?

Thank-you.

Gold

Re: PIX 515e Sh Xlate and inside users

Global 1.1.1.1 Local 192.168.1.100

Global 2.2.2.2 Local 192.168.1.200

PAT Global 3.3.3.3 (36505) Local 192.168.1.1(2441)

PAT Global 3.3.3.3 (36504) Local 192.168.1.1(1028)

the first two entries indicate that these private ips have static nat configured, since it is static, there is no port number associated.

the bottom two entries have a key word pat indicates taht these are patted by the pix. e.g. the original port is 2441 and it is being translated to 36505. the port shown here is the source port not the destiation port.

further, you may do "sh conn" to obtain more detail such as the destination port etc.

e.g.

UDP out 203.18.56.42:53 in 192.168.233.52:1028 idle 0:00:20 flags d

as you can see, this output has the original ip and port, which maps the last entry of the previous output.

New Member

Re: PIX 515e Sh Xlate and inside users

Thank you this really helps out a lot.

New Member

Re: PIX 515e Sh Xlate and inside users

You might like the output of

show local-host

Since it shows connection by host

197
Views
0
Helpful
4
Replies