Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3588
Views
0
Helpful
2
Replies

NAT hit count question

matthewatt
Level 1
Level 1

‎03-24-2020 12:26 PM

Is the output of the "show nat" command, which shows the number of thits on NAT rules, a reliable counter in the same way that access-list counters are, meaning unless cleared or if the firewall is rebooted, can I count on these hit counts as being an accurate portrayal of what is actually being used? trying to clean up an old firewall with a lot of NAT rules, many show no hit counts since the last reboot.

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎03-24-2020 01:12 PM

For best approach here, if the count not increasing, disable the NAT rule, before doing that check from command level also show nat detail and show xlate count.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni

‎03-25-2020 02:05 AM

Hi,

 

    Unless you have a code which has some bugs related to the "hit" counters, each new flow which matches a NAT entry, upon which a new session is created through the device, is gonna increase the "hit" value by 1. So yes, you can use the "hit" counters as a reference to which NAT statements are actively matched by traffic and which do not. If you have a NAT statement for which you don't see hits, try simulating traffic via packet-tracer, matching that NAT statement, you will see the "hit" counter increasing. Use "clear nat counters" first, to start from zero.

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card