05-24-2014 09:06 AM - edited 03-11-2019 09:14 PM
Hi Everyone,
I have identity NAT config like below
static(inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
when i do sh nat how can i check hit counts for above rule?
ASA version is 8.2
Regards
Mahesh
Solved! Go to Solution.
05-24-2014 04:02 PM
If you just use "show xlate" without the count keyword it will show you exactly which NAT rules its talking about. That command gives you the active xlate slots currently in use.
The "show nat" is more of a cumulative "hit count". If you add the "detail" command it will similarly show you more detail about the hits.
Identity NAT is similar to NAT exemption or no NAT n that an address is translated to itself. The example you show the output of above is not identity NAT since the 10.0.0.0/8 network is being translated to the ASA outside interface.
05-24-2014 09:46 AM
Mahesh,
"show xlate" (and optionally use various keywords such as "count" or pipe output to include only desired addresses) should do the trick for you. i.e.,
show xlate count
show xlate | i 10.
05-24-2014 10:22 AM
Hi Marvin,
sh xlate count
shows 2 used and 2 used most
does this mean that only 2 NAT rules are used ?
Also i did sh nat
match ip inside 10.0.0.0 255.0.0.0 outside any
static translation to 10.0.0.0
translate_hits = 0, untranslate_hits = 16648
Need to confirm if this is Identity NAT hits?
Regards
MAhesh
05-24-2014 04:02 PM
If you just use "show xlate" without the count keyword it will show you exactly which NAT rules its talking about. That command gives you the active xlate slots currently in use.
The "show nat" is more of a cumulative "hit count". If you add the "detail" command it will similarly show you more detail about the hits.
Identity NAT is similar to NAT exemption or no NAT n that an address is translated to itself. The example you show the output of above is not identity NAT since the 10.0.0.0/8 network is being translated to the ASA outside interface.
05-24-2014 08:28 PM
Many thanks Marvin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide