09-18-2008 05:24 AM - edited 03-11-2019 06:46 AM
Is there a command that will display the matches or hit counts that have qualified against a "static" statement on the PIX or ASA?
Thank You
09-18-2008 06:06 AM
Hi Kevin,
Take a look at the output of 'show xlate'. This may give you what you are looking for.
From the ASA 8.0 command reference for 'show xlate':
"The following is sample output from the show xlate command. It shows two static translations. The first translation has one associated connection (called "nconns"), and the second translation has four associated connections."
hostname# show xlate
Global 209.165.201.10 Local 209.165.201.10 static nconns 1 econns 0
Global 209.165.201.30 Local 209.165.201.30 static nconns 4 econns 0
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s7.html#wp1263940
Hope that helps.
-Mike
09-18-2008 06:40 AM
Mike
Thanks for your answer. My dilema is that on this old legacy PIX Firewall, we are currently running only 6.3.4 code. I dont think it has enough memory in it to do very much more than that either.
I thought I had remembered working with a Cisco engineer at some point in the past, and him using a command which showed how many matches there were for successful translations against the STATIC statement. I could be mistaken.
09-18-2008 06:59 AM
Hi Kevin,
'show xlate' may still give you what you're looking for, so take a look at that. The command reference I posted before applies to PIX 6.3(4) a well, but here it is from the PIX 6.3 command reference as well:
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/s.html#wp1084248
-Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide