topic Re: translation status in Network Security

translation status

suthomas1 — Mon, 11 Mar 2019 19:12:32 GMT

can some one help to understand the following translation i see on a remote firewall,asa.

PAT Global 20.20.10.10(24777) Local 172.16.24.10(37296)

PAT Global 20.20.10.10(63227) Local 172.16.24.10(34569)

i can numerous of these types.

what does the no. in parenthesis stand for each line and does this mean the connections are working fine.

TIA

Re: translation status

rmavila — Mon, 22 Nov 2010 12:04:15 GMT

The numbers in the paranthesis are the port numbers it is using. PAT Global 20.20.10.10(24777) Local 172.16.24.10(37296) tells us that inside ip 172.16.24.10 on source port 37296 is getting translated and will go out with ip 20.20.10.10 and source port 24777. The second connection will be using the next line of translations.Hope it answers your question.

Regards

Rahul

Re: translation status

suthomas1 — Mon, 22 Nov 2010 14:56:29 GMT

Thanks, that clears it.

Now , if suppose the connection has a problem for any reasons & is not working. would i still be seeing translate like this.

Re: translation status

Panos Kampanakis — Mon, 22 Nov 2010 17:19:19 GMT

Yes, The ASA might be building an xlate, but for example there might not be return traffic coming back.

You woule need to investigate.

I would suggest to use command "capture capout interface outside match ip host any" and after testing doing "sh cap capout" to see if you are sending the packets to the remote site and if there are packets coming back.

I hope it helps.

Re: translation status

suthomas1 — Tue, 23 Nov 2010 06:27:34 GMT

thanks. following is a trace from asa for the packet flow.

192.168.200.5 - host

2.2.2.2 - internet based service

3.3.3.3 - public ip for host 192.168.100.5 ( nat done on asa )

nat ( local ) 1 192.168.100.5 255.255.255.255

global ( internet) 1 3.3.3.3

6 packets captured

1: 07:20:03.624570 192.168.200.5.39419 > 2.2.2.2.25: S 3942230736:3942230736(0) win 8192

2: 07:20:03.632047 2.2.2.2.25 > 192.168.200.5.39419: S 2209827644:2209827644(0) ack 3942230737 win 8192

3: 07:20:03.719887 192.168.200.5.39419 > 2.2.2.2.25: . ack 2209827645 win 1460

4: 07:20:03.726189 2.2.2.2.25 > 192.168.200.5.39419: P 2209827645:2209827739(94) ack 3942230737 win 64860

5: 07:20:03.814822 192.168.200.5.39419 > 2.2.2.2.25: P 3942230737:3942230751(14) ack 2209827739 win 64766

6: 13:50:04.013579 2.2.2.2.25 > 192.168.200.5.39419: . ack 3942230751 win 64846

____________

1: 07:29:03.137276 3.3.3.3.24363 > 2.2.2.2.25: S 1840215282:1840215282(0) win 8192

2: 07:29:03.142967 2.2.2.2.25 > 3.3.3.3.24363: S 762906101:762906101(0) ack 1840215283 win 8192

3: 07:29:03.146644 3.3.3.3.24363 > 2.2.2.2.25: . ack 762906102 win 1460

4: 07:29:03.153724 2.2.2.2.25 > 3.3.3.3.24363: P 762906102:762906196(94) ack 1840215283 win 64860

5: 07:29:03.157599 3.3.3.3.24363 > 2.2.2.2.25: P 1840215283:1840215297(14) ack 762906196 win 64766

6: 07:29:03.344052 2.2.2.2.25 > 3.3.3.3.24363: . ack 1840215297 win 64846

7: 07:29:05.164099 2.2.2.2.25 > 3.3.3.3.24363: P 762906196:762906228(32) ack 1840215297 win 64846

8: 07:29:05.168661 3.3.3.3.24363 > 2.2.2.2.25: P 1840215297:1840215303(6) ack 762906228 win 64734

9: 07:29:05.168722 3.3.3.3.24363 > 2.2.2.2.25: F 1840215303:1840215303(0) ack 762906228 win 64734

10: 07:29:05.175573 2.2.2.2.25 > 3.3.3.3.24363: . ack 1840215304 win 64840

11: 07:29:05.175741 2.2.2.2.25 > 3.3.3.3.24363: P 762906228:762906276(48) ack 1840215304 win 64840

12: 07:29:05.175772 2.2.2.2.25 > 3.3.3.3.24363: F 762906276:762906276(0) ack 1840215304 win 64840

13: 07:29:05.179296 3.3.3.3.24363 > 2.2.2.2.25: R 1840215304:1840215304(0) ack 762906276 win 0

14: 14:01:33.674754 3.3.3.3.13197 > 2.2.2.2.25: S 3161967592:3161967592(0) win 8192

My sight dont see any wrong with the flow. however emails cant be sent out from hosts.

packet trace gives allowed flow for each stage.

I also tried permitting tls under mail policy map.

Is there any other part remaining to be checked on the asa.

TIA

Message was edited by: suthomas1