10-24-2008 04:40 AM - edited 03-10-2019 04:20 AM
What is the easiest way to log which private IP used a NATted public IP at a specific window of time? We recently were informed that address 174.103.12.45 (within the scope of our public addresses) was scanning ports on a network.
We have an ASDM 5.2 in place.
10-24-2008 04:50 AM
From the firewall console (in enable mode) enter the command show xlate
That will show all the current address translations.
Hope that helps.
10-24-2008 05:19 AM
How about logging one that occurred several hours before? How can you enable logging to track translations from a previous period of time?
Thanks for your help.
10-24-2008 05:54 AM
You could enable logging at the firewall (and forward the logs to a syslog server if you have one). If you set the logging level to informational, that will generate alerts like the example below, which has both the inside private and public addresses used.
ASA-6-302013: Built outbound TCP connection 94225810 for outside:64.233.183.147/80 (64.233.183.147/80) to inside:10.160.42.68/4057 (12.12.12.129/43498)
To set the logging at this level and to forward to a syslog server enter the following in config mode.
logging enable
logging trap informational
logging host inside x.x.x.x (inside being the interface associated with the network where the logging server is, and x.x.x.x being the IP address of the logging server).
Please note: this could generate an awful lot of logging information.
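Added example, not code from this thread: a small Python parser that answers the original question from those informational syslog lines, by matching the %ASA-6-302013 "Built ... connection" message, keeping only events inside a time window, and reporting which private (real) address was behind a given NAT-mapped public address. The sample lines are constructed in the shape of the message quoted above, and the "Oct 24 2008 02:10:33:" prefix assumes "logging timestamp" is enabled on the ASA.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog lines in the shape of the %ASA-6-302013 message quoted above
# (a 302014 teardown line is included to show it is ignored). The leading timestamp
# assumes "logging timestamp" is enabled on the ASA.
SAMPLE_LOG = """\
Oct 24 2008 01:05:10: %ASA-6-302013: Built outbound TCP connection 94225801 for outside:203.0.113.7/22 (203.0.113.7/22) to inside:10.160.42.68/4050 (12.12.12.129/43401)
Oct 24 2008 02:10:33: %ASA-6-302013: Built outbound TCP connection 94225805 for outside:203.0.113.7/23 (203.0.113.7/23) to inside:10.160.42.91/5011 (12.12.12.129/43422)
Oct 24 2008 02:11:02: %ASA-6-302013: Built outbound TCP connection 94225806 for outside:203.0.113.7/25 (203.0.113.7/25) to inside:10.160.42.91/5012 (12.12.12.129/43423)
Oct 24 2008 02:30:45: %ASA-6-302013: Built outbound TCP connection 94225810 for outside:64.233.183.147/80 (64.233.183.147/80) to inside:10.160.42.68/4057 (12.12.12.130/43498)
Oct 24 2008 02:31:00: %ASA-6-302014: Teardown TCP connection 94225806 for outside:203.0.113.7/25 to inside:10.160.42.91/5012 duration 0:00:01 bytes 0 TCP Reset-O
"""

TS_FMT = "%b %d %Y %H:%M:%S"
# Each endpoint reads "iface:real_ip/real_port (mapped_ip/mapped_port)". For the NATted
# inside host the mapped address is the public IP; for the outside peer both are equal.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-6-302013: Built (?:inbound|outbound) "
    r"TCP connection (?P<id>\d+) for "
    r"\w+:(?P<a_real>[\d.]+)/(?P<a_port>\d+) \((?P<a_map>[\d.]+)/(?P<a_mport>\d+)\) to "
    r"\w+:(?P<b_real>[\d.]+)/(?P<b_port>\d+) \((?P<b_map>[\d.]+)/(?P<b_mport>\d+)\)$"
)

def translations_for(log_text, public_ip, start, end):
    """List every connection built within [start, end] (timestamps in TS_FMT) in which
    public_ip was the NAT-mapped address of a host, together with that host's private IP."""
    t0, t1 = datetime.strptime(start, TS_FMT), datetime.strptime(end, TS_FMT)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # teardowns and other message IDs carry no mapped address
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        if not t0 <= ts <= t1:
            continue
        # check both endpoints so inbound builds through a static NAT are matched as well
        for me, peer in (("a", "b"), ("b", "a")):
            if m.group(me + "_map") == public_ip:
                hits.append({"time": ts, "conn_id": int(m.group("id")),
                             "private_ip": m.group(me + "_real"),
                             "nat_port": int(m.group(me + "_mport")),
                             "peer": m.group(peer + "_real") + "/" + m.group(peer + "_port")})
    return hits

def private_hosts(hits):
    # how many connections each private host built through the public IP in the window
    return Counter(h["private_ip"] for h in hits)
```

Narrowing the window to the time the scan was reported and calling private_hosts on the result gives the private address (or addresses) to look at; on a busy firewall, feed it the syslog server's archived file rather than the ASA's small internal buffer.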