01-24-2019 07:53 AM - edited 02-21-2020 08:42 AM
Hello,
Our ISP has given us Netflow access and we can see what the ISP Cisco router is sending and receiving. This is great, but as a source or destination I only see our 'outside' public IP. I understand this is normal, but is there a way I can see what the ASA is translating this to on the inside?
So it will normally show something like:
Source = ASA publicIP destination = website publicIP port= 443
I wondered, if I knew some of the data, whether I can somehow find out what this is on the inside?
Thanks
01-24-2019 08:08 AM
Does "show xlate" help you in this case? I think you could view the real-time PAT translation with this command.
But I am not sure how you could view the historical translation record if you are looking for historical Netflow data.
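An added example, not part of the original posts: matching an ISP flow record against captured `show xlate` output to recover the inside host. The sample output is constructed, its line layout is an assumption based on the ASA 8.3+ style, and the function names are hypothetical. The lookup needs the flow's source port as seen by the ISP, because PAT maps every inside host to the same public IP.

```python
import re

# Constructed `show xlate` sample (ASA 8.3+ layout assumed); documentation IP ranges.
SAMPLE_XLATE = """\
3 in use, 12 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
TCP PAT from inside:10.1.1.25/51234 to outside:203.0.113.10/51234 flags ri idle 0:00:05 timeout 0:00:30
TCP PAT from inside:10.1.1.40/49811 to outside:203.0.113.10/2871 flags ri idle 0:01:12 timeout 0:00:30
UDP PAT from inside:10.1.2.7/53011 to outside:203.0.113.10/53011 flags ri idle 0:00:09 timeout 0:00:30
"""

XLATE_RE = re.compile(
    r"^(?P<proto>TCP|UDP|ICMP) PAT from "
    r"(?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)/(?P<real_port>\d+) to "
    r"(?P<map_if>[^:\s]+):(?P<map_ip>[\d.]+)/(?P<map_port>\d+)"
)

def parse_xlate(text):
    """Index PAT entries by (protocol, mapped IP, mapped port)."""
    table = {}
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if m:  # header and flag-legend lines do not match and are skipped
            key = (m["proto"], m["map_ip"], int(m["map_port"]))
            table[key] = (m["real_if"], m["real_ip"], int(m["real_port"]))
    return table

def resolve_flow(table, proto, public_ip, public_port):
    """Return (interface, inside IP, inside port) for a post-NAT source, or None."""
    return table.get((proto.upper(), public_ip, int(public_port)))

if __name__ == "__main__":
    table = parse_xlate(SAMPLE_XLATE)
    # Constructed ISP flow records: proto, src IP, src port, dst IP, dst port
    flows = [
        ("TCP", "203.0.113.10", 2871, "198.51.100.20", 443),
        ("TCP", "203.0.113.10", 60000, "198.51.100.20", 443),
    ]
    for proto, sip, sport, dip, dport in flows:
        hit = resolve_flow(table, proto, sip, sport)
        if hit:
            print(f"{sip}:{sport} -> {dip}:{dport} is {hit[1]}:{hit[2]} on {hit[0]}")
        else:
            # Entry already timed out: the live table cannot answer for old flows
            print(f"{sip}:{sport} -> {dip}:{dport} has no current translation")
```
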
01-24-2019 08:20 AM
01-24-2019 08:46 AM - edited 01-24-2019 08:50 AM
This is correct: you need to enable NetFlow on the inside network in order to check what IP addresses are sending and receiving data.
Check this link for a configuration guide example of how to set it up:
https://community.cisco.com/t5/security-documents/netflow-on-asa/ta-p/3119176