NAT pool counters

rmedvedev
Level 1

I wonder if there is any way to track dynamic NAT pool usage on ASA? I did not find any counters or SNMP OID to use.

It's not very convenient to count lines in the CLI.

varrao
Level 10

Hi,

AFAIK there is no counter on the ASA to check the dynamic nat pool usage.

-Varun

Thanks,
Varun Rao

Thank you for the help Ken, but I have ASA software version 8.2.2 and it does not have these OIDs.

What version do you have?

We recently moved to 8.4.2. I think that the new OIDs and "sh nat pool" command were introduced in 8.3.

Up until our upgrade we were out of luck. Beware the upgrade is a significant change so read the 8.3 documents very carefully.

k.mattson
Level 1

From the "show snmp-server oidlist" command you will see some entries that look like this:

1.3.6.1.2.1.123.1.4.1.2.        natAddrMapName

1.3.6.1.2.1.123.1.4.1.10.       natAddrMapGlobalAddrType

1.3.6.1.2.1.123.1.4.1.11.       natAddrMapGlobalAddrFrom

1.3.6.1.2.1.123.1.4.1.12.       natAddrMapGlobalAddrTo

1.3.6.1.2.1.123.1.4.1.13.       natAddrMapGlobalPortFrom

1.3.6.1.2.1.123.1.4.1.14.       natAddrMapGlobalPortTo

1.3.6.1.2.1.123.1.4.1.15.       natAddrMapProtocol

1.3.6.1.2.1.123.1.4.1.19.       natAddrMapAddrUsed

Specifically the .1.3.6.1.2.1.123.1.4.1.19. group will tell you the amount used out of the pool. Our pools start with .1.3.6.1.2.1.123.1.4.1.19.8.1 and run through .1.3.6.1.2.1.123.1.4.1.19.8.23 currently.

When I compare the numbers to "show nat pool" they jive pretty well up through 21. 22 and 23 don't seem to be a match.

If you use a tool like getif you should be able to see the results of a walk and select those values for experimental graphing.

One gotcha will be that the used number is just that, how many IPs in the pool have been used. Our pools are not identically sized, so we have to take that into account when determining how close we are to being all used up.

Hope this helps,

Ken
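As an added example (not code from anyone in this thread), the sketch below turns a walk of the natAddrMapGlobalAddrFrom, natAddrMapGlobalAddrTo and natAddrMapAddrUsed columns listed above into a per-pool percentage, which accounts for pools of different sizes. The walk text is constructed sample data; the `snmpwalk -On` value rendering, the assumption that a pool's size is To minus From plus one, and the function names are all assumptions.

```python
import ipaddress
import re

BASE = "1.3.6.1.2.1.123.1.4.1"   # natAddrMap columns, as listed in the post above
COL_FROM, COL_TO, COL_USED = "11", "12", "19"

# Constructed sample of `snmpwalk -On` output: addresses and counts are made up,
# and the value-type labels are an assumption about how the agent renders them.
SAMPLE_WALK = """\
.1.3.6.1.2.1.123.1.4.1.11.8.1 = Hex-STRING: CB 00 71 0A
.1.3.6.1.2.1.123.1.4.1.11.8.2 = IpAddress: 198.51.100.1
.1.3.6.1.2.1.123.1.4.1.12.8.1 = Hex-STRING: CB 00 71 13
.1.3.6.1.2.1.123.1.4.1.12.8.2 = IpAddress: 198.51.100.254
.1.3.6.1.2.1.123.1.4.1.19.8.1 = Gauge32: 9
.1.3.6.1.2.1.123.1.4.1.19.8.2 = Gauge32: 9
.1.3.6.1.2.1.123.1.4.1.19.8.3 = Gauge32: 4
"""

LINE = re.compile(r"^\.?" + re.escape(BASE) + r"\.(\d+)\.([\d.]+) = ([\w-]+): (.+)$")

def _addr(kind, text):
    # Accept either a raw 4/16-byte hex string or a dotted/colon address.
    if kind == "Hex-STRING":
        return ipaddress.ip_address(bytes.fromhex(text.replace(" ", "")))
    return ipaddress.ip_address(text.strip())

def pool_usage(walk_text):
    """Return {row_index: (used, size, percent)} for rows with From, To and Used."""
    rows = {}
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        col, index, kind, value = m.groups()
        if col in (COL_FROM, COL_TO):
            rows.setdefault(index, {})[col] = _addr(kind, value)
        elif col == COL_USED:
            rows.setdefault(index, {})[col] = int(value)
    usage = {}
    for index, r in rows.items():
        if not {COL_FROM, COL_TO, COL_USED} <= r.keys():
            continue  # incomplete row: size unknown, so no percentage
        size = int(r[COL_TO]) - int(r[COL_FROM]) + 1
        usage[index] = (r[COL_USED], size, round(100.0 * r[COL_USED] / size, 1))
    return usage

def pools_over(walk_text, threshold_pct):
    # Row indexes whose utilisation is at or above the alert threshold.
    return sorted(i for i, (_, _, p) in pool_usage(walk_text).items() if p >= threshold_pct)
```

In the sample, both complete rows report 9 addresses used, but only the 10-address pool crosses an 80% threshold; the row with no From/To values is skipped rather than guessed at.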

Thanks Ken.

This MIB is supported by our ASA5555 on 9.2(2)4.

Unfortunately there is no correlation between the numbers reported in NAT-MIB::natAddrMapAddrUsed and those returned in "show nat pools" on the CLI.

I may try to open a TAC case for an explanation but I'm guessing Cisco SNMP support on this is "best effort." If I get anything meaningful back I will post here.

Cathal.

k.mattson
Level 1

I also have a work in progress monitoring with MRTG here:

http://mrtg.creighton.edu/NatPool/creighton-fw1.creighton.edu_natpool.html
