Re: Debuging NAT on ASA

SDWorx_2 · ‎06-03-2008

Hi,

I don't know this is possible (I can't find it how) but I would like to debug all translations the ASA performs. I would like to view in realtime all translations.

Show xlate is a way to view translations I guess, but it is not what I was looking for.

Is there any way I can get this done?

Thank you,

Jan

smahbub · ‎06-09-2008

To display active Network Address Translation (NAT) translations, use the "show ip nat translations" command in EXEC mode.

Refer the following url for more info:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp1082204

Collin Clark · ‎06-09-2008

Jan-

What Shumon suggested will only work on routers. With the new ASA's I have not been able to find a command to debug NAT.

Amadou TOURE · ‎06-09-2008

show local-host, show connection could help even they're not exclusively related to NAT.

You could also use the command :

"logging list event_list message start" with the Message 202001 (out of translation slots) and messages 305009 through

305011 (translations built and torn down)

Regards

Farrukh Haroon · ‎06-09-2008

I'm also unaware of any command that can help you debug NAT. You can use the following tough:

show xlate [det | debug]

show conn det [all]

show local-host [all]

show nat

Regards

Farrukh

Rajendran N · ‎10-01-2017

I would like to inform you that this can be checked with the command :

“show xlate global <ip address>”

You can read more about it at the below link :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s14.html#pgfId-1336424