View external ips accessing NAT

mcliff
Level 1

Hello,

 

How can I view what the external IPs are that are accessing a NAT on an ASA 5515? In the ASDM I've gone to the Access Rules tab and selected the one I want and I've picked show log, but the window it opens doesn't show me anything. Any help would be appreciated, thanks.

2 Accepted Solutions


Maybe you can try the following (not sure whether it helps; please let me know if that suits):

 

# show xlate | inc XXXXX  (the Internal IP here)

or

# show xlate local x.x.x.x

# sh nat detail | include x.x.x.x

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


@mcliff use the command show local-host <private ip address>

 

Example below determines there are 2 connections and lists the source public (external) IP addresses connecting to that server.

 

[Screenshot: show localhost.PNG]


8 Replies

Hi

You can use the command line for that: "show xlate". The CLI in this case is easier to see.

You can also use the packet tracer.

Hi Flavio,

 

When I issue the show xlate command it looks the same to me as viewing the log in the ASDM; it just shows all of our internal IPs going to our public IP. Is there a way to only view external users' IPs that are accessing the one internal IP that is being NAT'ed, though?

 

The packet tracer seems to just show you what would happen if an external IP tried to access the NAT'ed IP, and whether it would be allowed or denied based on the rules?

 

Please let me know if I am doing this wrong as I am sure I am. 


Using the keyword detail with packet-tracer gives you all the NAT used by this traffic.


mcliff
Level 1

Hello, 

The show xlate | inc and the show local-host both work, thank you. One more thing I'll ask, and maybe there isn't a way to do this: how do I get a day's worth of these logs? It looks like it shows the currently connected connections, but once those connections are done it goes away and no longer shows. I am assuming I will need to set up some kind of syslog server to track this somehow?

 

Thanks again for the help. 

If you can, configure logging for the NAT used by this host.

This makes a NAT log entry when a new entry is added to xlate.

Yes, that is the best approach if you are looking for archive data.

BB

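For the follow-up about keeping a day's worth of data: once the ASA forwards connection events to a syslog server, the archive can be summarized offline per NAT'ed host. The script below is an added example, not part of the original thread; it assumes the ASA is logging connection-built messages 302013 (TCP) and 302015 (UDP) at informational level, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the format of ASA syslog messages 302013 (TCP)
# and 302015 (UDP); all addresses are documentation or private ranges.
SAMPLE_LOG = """\
Jan 10 09:14:02 asa %ASA-6-302013: Built inbound TCP connection 8801 for outside:203.0.113.10/51234 (203.0.113.10/51234) to inside:10.0.0.5/443 (198.51.100.20/443)
Jan 10 09:15:40 asa %ASA-6-302013: Built inbound TCP connection 8802 for outside:203.0.113.77/40112 (203.0.113.77/40112) to inside:10.0.0.5/443 (198.51.100.20/443)
Jan 10 09:16:05 asa %ASA-6-302013: Built outbound TCP connection 8803 for outside:192.0.2.8/80 (192.0.2.8/80) to inside:10.0.0.9/50211 (198.51.100.1/50211)
Jan 10 11:02:31 asa %ASA-6-302013: Built inbound TCP connection 8850 for outside:203.0.113.10/51990 (203.0.113.10/51990) to inside:10.0.0.5/443 (198.51.100.20/443)
Jan 10 11:05:12 asa %ASA-6-302015: Built inbound UDP connection 8851 for outside:203.0.113.200/5353 (203.0.113.200/5353) to inside:10.0.0.6/53 (198.51.100.21/53)
Jan 10 11:06:00 asa %ASA-6-302014: Teardown TCP connection 8801 for outside:203.0.113.10/51234 to inside:10.0.0.5/443 duration 0:01:10 bytes 5120 TCP FINs
"""

# "Built inbound" lines list the external peer first, then the real
# (pre-NAT) internal address, each followed by its mapped address in ().
BUILT_INBOUND = re.compile(
    r"%ASA-6-30201[35]: Built inbound (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"(?:\([^)]*\)\s*)+to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+)\b"
)


def external_sources(log_text, internal_ip):
    """Count inbound connections per external source IP for one internal host."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BUILT_INBOUND.search(line)
        # Outbound builds and teardown messages do not match the pattern.
        if m and m.group("dst_ip") == internal_ip:
            hits[m.group("src_ip")] += 1
    return hits


if __name__ == "__main__":
    # Same question as "show local-host", answered from the archive.
    for ip, count in external_sources(SAMPLE_LOG, "10.0.0.5").most_common():
        print(f"{ip}\t{count}")
```

To run it against a real archive, pass the contents of the syslog server's file for the day in place of `SAMPLE_LOG`.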