Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7181
Views
0
Helpful
4
Replies

How to check hit counts on Identity NAT

Go to solution
mahesh18
Level 6
Level 6

‎05-24-2014 09:06 AM - edited ‎03-11-2019 09:14 PM

 

Hi Everyone,

 

I have identity NAT config like below

static(inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

when i do sh nat how can i check hit counts for above rule?

ASA version is 8.2

 

Regards

Mahesh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎05-24-2014 04:02 PM

If you just use "show xlate" without the count keyword it will show you exactly which NAT rules its talking about. That command gives you the active xlate slots currently in use.

The "show nat" is more of a cumulative "hit count". If you add the "detail" command it will similarly show you more detail about the hits.

Identity NAT is similar to NAT exemption or no NAT n that an address is translated to itself. The example you show the output of above is not identity NAT since the 10.0.0.0/8 network is being translated to the ASA outside interface.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-24-2014 09:46 AM

Mahesh,

"show xlate" (and optionally use various keywords such as "count" or pipe output to include only desired addresses) should do the trick for you. i.e.,

show xlate count

show xlate | i 10.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎05-24-2014 10:22 AM

 

Hi Marvin,

sh xlate count

shows 2 used and 2 used most

does this mean that only 2 NAT rules are used ?

 

Also i did sh nat

match ip inside 10.0.0.0 255.0.0.0 outside any
    static translation to 10.0.0.0
    translate_hits = 0, untranslate_hits = 16648

Need to confirm if this is Identity NAT hits?

 

Regards

MAhesh

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mahesh18

‎05-24-2014 04:02 PM

If you just use "show xlate" without the count keyword it will show you exactly which NAT rules its talking about. That command gives you the active xlate slots currently in use.

The "show nat" is more of a cumulative "hit count". If you add the "detail" command it will similarly show you more detail about the hits.

Identity NAT is similar to NAT exemption or no NAT n that an address is translated to itself. The example you show the output of above is not identity NAT since the 10.0.0.0/8 network is being translated to the ASA outside interface.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Marvin Rhoads

‎05-24-2014 08:28 PM

 

Many thanks Marvin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card