Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1525
Views
0
Helpful
3
Replies

NAT Translation Reports for ASA

pavlosd
Level 2
Level 2

‎05-06-2009 12:25 AM

We need a solution to track NAT Translation for ASA Firewalls on CS-MARS.

Currently we are forwarding the following information to MARS.

ogging list xlate-log level warnings class ip

logging list xlate-log message 202001

logging list xlate-log message 305009-305011

logging trap xlate-log

In MARS there is a predefined report called: (All) NAT Connections (Total View). Though, when I run it it doesn't show anything. Perhaps it was written with Router NAT Translation loggin or prhaps I should be logging something else?

Any Ideas?

Labels:
0 Helpful
3 Replies 3

Not applicable

‎05-13-2009 08:11 AM

NetFlow security event logging (NSEL)— Available on ASA5580 running Version 8.1.x, provides the same type of information as syslog but more efficiently, saving CPU cycles on both the Cisco ASA appliance and CS-MARS. Both connection information and NAT translation data are combined in the same NSEL records, reducing the overall number of records exported compared to syslog.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap10.html#wp1053059

0 Helpful

mhellman
Level 7
Level 7

‎05-18-2009 08:33 AM

This is probably a stupid question, but are you clicking "resubmit" to run it, not just "view report"? the latter only shows data if the report has been run before and by default that report isn't scheduled.

Have you tried running a query using the "NAT Connection Report" result format? We don't use ASA, so can't speak to specific messages required. If you're not seeing anything in the above query, you should try turning on all logging(debug) and if the query then returns data, you know you're missing logs.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎05-20-2009 02:08 AM

As others have suggested, enable level 7 debugging to syslog and then check if the reports can be generated. Then proceed from there.

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents