06-07-2013 11:06 AM - edited 03-11-2019 06:54 PM
I have to determine the internal IP address based on the external IP address and tcp port number.
I am extremely new to ASA's and have been poking around unsuccessfully...
Report:
Jun 7 15:47:54 2013 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} aaa.xxx.yyy.2:30374->111.11.6.122:80
How do I find the internal IP address that the ASA translated to aaa.xxx.yyy.2 ?
Thanks!
Hardware: ASA5540-K8, 2560 MB RAM, CPU Pentium 4 2000 MHz
Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)
Compiled on Mon 31-Jan-11 02:11 by builders
System image file is "disk0:/asa841-k8.bin"
06-07-2013 12:10 PM
Hello do the following
sh run | include aaa.xxx.yyy.2
Then from that output you will get the object network that is making reference to that IP address
Then:
show run nat | include TEST( object group name)
You will get the nat statement that is being used for that particular IP address, you just need to focus on the first part of the nat
nat (inside,outside) source static Object_x TEST (The object_x is the one that contains the private IP address)
show run object id Object_x
And you will have the IP address
Sounds more easy than what it looks hehe,
Post the outputs of the commands or send me the configuration via a private message including the public IP address of xx.yyy and I will give u the answer
Regards,
Julio
Hey remember to rate all of the helpful posts, as important as a thanks (keep us motivated)
06-07-2013 01:04 PM
Thank you Julio! PM sent.
06-07-2013 03:06 PM
Hello,
That is correct,
You could enable Netflow or send the logging messages to a syslog servers so you always can analize them,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide