07-19-2011 12:27 PM - edited 03-11-2019 02:00 PM
I wonder if there is any way to track dynamic NAT pool usage on ASA? I did not find any counters or SNMP OID to use.
It's not very convenient to count lines in the cli.
07-19-2011 07:19 PM
Hi,
AFAIK there is no counter on the ASA to check the dynamic nat pool usage.
-Varun
08-18-2011 11:43 PM
Thank you for the help Ken, but I have ASA software version 8.2.2 and it does not have these OIDs.
What version do you have?
08-19-2011 12:17 PM
We recently moved to 8.4.2. I think that the new OIDs and "sh nat pool" command were introduced in 8.3.
Up until our upgrade we were out of luck. Beware the upgrade is a significant change so read the 8.3 documents very carefully.
08-17-2011 03:47 PM
From the "show snmp-server oidlist" command you will see some entries that look like this:
1.3.6.1.2.1.123.1.4.1.2. natAddrMapName
1.3.6.1.2.1.123.1.4.1.10. natAddrMapGlobalAddrType
1.3.6.1.2.1.123.1.4.1.11. natAddrMapGlobalAddrFrom
1.3.6.1.2.1.123.1.4.1.12. natAddrMapGlobalAddrTo
1.3.6.1.2.1.123.1.4.1.13. natAddrMapGlobalPortFrom
1.3.6.1.2.1.123.1.4.1.14. natAddrMapGlobalPortTo
1.3.6.1.2.1.123.1.4.1.15. natAddrMapProtocol
1.3.6.1.2.1.123.1.4.1.19. natAddrMapAddrUsed
Specifically the .1.3.6.1.2.1.123.1.4.1.19. group will tell you amount used out of the pool. Our pools start with .1.3.6.1.2.1.123.1.4.1.19.8.1 and run through .1.3.6.1.2.1.123.1.4.1.19.8.23 currently.
When I compare the numbers to "show nat pool" they jive pretty well up through 21. 22 and 23 don't seem to be a match.
If you use a tool like getif you should be able to see the results of a walk and select those values for experimental graphing.
One gotcha will be that the used number is just that, how many IPs in the pool have been used. Our pools are not identically sized, so we have to take that into account when determining how close we are to being all used up.
Hope this helps,
Ken
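An added example, not part of Ken's post or any Cisco tooling: one way to turn a walk of the natAddrMap columns listed above into per-pool utilization, sizing each pool from natAddrMapGlobalAddrFrom/To (.11/.12) so that unequal pools are compared fairly against natAddrMapAddrUsed (.19). The walk text is a constructed sample in `snmpwalk -On` style; the value renderings, the function name `pool_usage` and the 80% threshold are assumptions.

```python
import ipaddress
import re

BASE = ".1.3.6.1.2.1.123.1.4.1."   # natAddrMap columns, as in the oidlist in the post
COLS = {"11": "from", "12": "to", "19": "used"}
LINE = re.compile(r"^" + re.escape(BASE) + r"(\d+)\.([\d.]+) = ([\w-]+): (.*)$")

# Constructed sample walk output; addresses are documentation ranges.
SAMPLE = """\
.1.3.6.1.2.1.123.1.4.1.11.8.1 = IpAddress: 192.0.2.1
.1.3.6.1.2.1.123.1.4.1.11.8.2 = Hex-STRING: C6 33 64 0A
.1.3.6.1.2.1.123.1.4.1.12.8.1 = IpAddress: 192.0.2.20
.1.3.6.1.2.1.123.1.4.1.12.8.2 = Hex-STRING: C6 33 64 0D
.1.3.6.1.2.1.123.1.4.1.19.8.1 = Gauge32: 5
.1.3.6.1.2.1.123.1.4.1.19.8.2 = Gauge32: 4
.1.3.6.1.2.1.123.1.4.1.19.8.3 = Gauge32: 7
"""

def _addr(kind, value):
    """Accept a dotted IPv4 address or a 4-byte Hex-STRING rendering of one."""
    if kind == "Hex-STRING":
        return ipaddress.IPv4Address(bytes.fromhex(value.replace(" ", "")))
    return ipaddress.IPv4Address(value.strip().strip('"'))

def pool_usage(walk_text, warn_pct=80.0):
    """Return {row_index: (size, used, pct, over_threshold)} for complete rows."""
    rows = {}
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) not in COLS:
            continue
        col, idx, kind, value = m.groups()
        field = COLS[col]
        rows.setdefault(idx, {})[field] = (
            int(value) if field == "used" else _addr(kind, value))
    report = {}
    for idx, r in rows.items():
        if len(r) < 3:              # from/to/used not all present: cannot size the pool
            continue
        size = int(r["to"]) - int(r["from"]) + 1
        if size <= 0:               # inverted range: skip rather than divide by it
            continue
        pct = round(100.0 * r["used"] / size, 1)
        report[idx] = (size, r["used"], pct, pct >= warn_pct)
    return report

if __name__ == "__main__":
    for idx, (size, used, pct, warn) in sorted(pool_usage(SAMPLE).items()):
        print(f"pool {idx}: {used}/{size} ({pct}%){' WARN' if warn else ''}")
```

Rows missing a range column, like index 8.3 in the sample, are left out of the report instead of being guessed at.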
02-24-2017 10:38 AM
Thanks Ken.
This MIB is supported by our ASA5555 on 9.2(2)4.
Unfortunately there is no correlation between the numbers reported in NAT-MIB::natAddrMapAddrUsed and those returned in "show nat pools" on the CLI.
I may try to open a TAC case for an explanation but I'm guessing Cisco SNMP support on this is "best effort." If I get anything meaningful back I will post here.
Cathal.
08-18-2011 04:19 PM
I also have a work in progress monitoring with MRTG here:
http://mrtg.creighton.edu/NatPool/creighton-fw1.creighton.edu_natpool.html