Cisco Support Community
Community Member

Logging NAT translation on a Cisco ASA

Hi,

I own a Cisco ASA 5520. It's configured to send all logs to a syslog server. Now I also want to log NAT translations (i.e. the internal private IP address and the external public IP of every new connection).

Is it possible to do? Any hints?

Thanks

1 ACCEPTED SOLUTION

Hall of Fame Super Blue

Re: Logging NAT translation on a Cisco ASA

Hi

From my syslog server

Apr 26 08:35:03 10.228.48.6 Apr 26 2007 08:51:36: %PIX-6-305009: Built static translation from outside:10.15.1.1 to inside:10.228.56.2

From the Cisco PIX message docs

=============================================

Error Message %PIX-6-305009: Built {dynamic|static} translation from interface:real-address to interface:mapped-address

Explanation An address translation slot was created. The slot is used to translate the source address from the local side to the global side. In reverse, the slot is used to translate the destination address from the global side to the local side.

Recommended Action None required.

=============================================

These messages are logged as informational, so you will need to set your trap level to info on your PIX. This will generate a lot of info, so take into account the bandwidth used on the network and big logs.

I use syslog-ng, which doesn't solve the bandwidth problem but does allow you to intelligently discard messages you aren't interested in.

HTH

Jon
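
An added example, not part of the original post: a Python filter that keeps only the 305009 translation records from a syslog feed and extracts the real and mapped addresses. It assumes the message format quoted in the answer above and also accepts the %ASA- prefix that ASA software uses in place of %PIX-; the function names and all sample lines except the first are constructed for illustration.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Format as quoted in the post: "Built {dynamic|static} translation from
# interface:real-address to interface:mapped-address".
NAT_RE = re.compile(
    r"%(?:PIX|ASA)-6-305009: Built (?P<kind>dynamic|static) translation from "
    rf"(?P<real_if>[^:\s]+):(?P<real_ip>{IP}) to "
    rf"(?P<mapped_if>[^:\s]+):(?P<mapped_ip>{IP})"
)
# Timestamp written by the firewall itself, e.g. "Apr 26 2007 08:51:36:".
# The syslog server's own timestamp at the start of the line has no year.
DEVICE_TS_RE = re.compile(r"(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %")

def parse_nat_line(line):
    """Return a dict for a 305009 record, or None for any other message."""
    m = NAT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    ts = DEVICE_TS_RE.search(line)
    rec["device_time"] = ts.group(1) if ts else None
    return rec

def nat_records(lines):
    """Discard everything except translation records."""
    return [r for r in map(parse_nat_line, lines) if r is not None]

def translation_table(records):
    """Map each real address to the set of mapped addresses seen for it."""
    table = {}
    for r in records:
        table.setdefault(r["real_ip"], set()).add(r["mapped_ip"])
    return table

SAMPLE = [
    # Line from the post.
    "Apr 26 08:35:03 10.228.48.6 Apr 26 2007 08:51:36: %PIX-6-305009: Built static "
    "translation from outside:10.15.1.1 to inside:10.228.56.2",
    # Constructed lines: an ASA-prefixed record and an unrelated connection message.
    "Apr 26 08:35:04 192.0.2.1 Apr 26 2007 08:51:37: %ASA-6-305009: Built dynamic "
    "translation from inside:10.0.0.5 to outside:203.0.113.7",
    "Apr 26 08:35:04 192.0.2.1 Apr 26 2007 08:51:37: %ASA-6-302013: Built outbound TCP "
    "connection 4711 for outside:198.51.100.9/80 (198.51.100.9/80) to "
    "inside:10.0.0.5/51234 (203.0.113.7/51234)",
]

if __name__ == "__main__":
    for rec in nat_records(SAMPLE):
        print(rec)
```
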
