Solved: How to monitor IP NAT Pool for ASA (Firepower ASA Appliance)

jewfcb001 · ‎09-24-2020

Hi All,

I would like to monitor IP NAT POOL If IP NAT Pool Full how can monitor this situation ? Is it trigger or send log for Nat Pool Full ?

balaji.bandi · ‎09-24-2020

there are couple ways :

1. if you have enabled syslog to syslog server, it will give an error when the pool exhausted.

example : %ASA-3-202010: [NAT | PAT] pool exhausted for pool-name, port range

2. you can run command (show nat pools)frequently out of box script make a graph or alerts

3. or you can use SNMP polling if you have any NMS in Place and get alerts based on threshold.

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

balaji.bandi · ‎09-24-2020

there are couple ways :

1. if you have enabled syslog to syslog server, it will give an error when the pool exhausted.

example : %ASA-3-202010: [NAT | PAT] pool exhausted for pool-name, port range

2. you can run command (show nat pools)frequently out of box script make a graph or alerts

3. or you can use SNMP polling if you have any NMS in Place and get alerts based on threshold.

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jewfcb001 · ‎09-24-2020

Thank you for your information . For Answer Number 3 what is the SNMP polling for IP Nat Pool Full ?

balaji.bandi · ‎09-24-2020

SNMP :

1.3.6.1.2.1.123.1.4.1.19. natAddrMapAddrUsed

But i you may have differ results snmp polling vs real time show nat pool - because it changes dynamically.

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jewfcb001 · ‎09-24-2020

Thank you so much.