Solved: Re: Pix515E check Nat Translations

dennylester · ‎11-03-2005

Before we had our Pix perform our Nat translations, our Cisco 1720 was performing it. Any time we wanted to see what external IP addresses a client was connecting to we would issue a "show ip nat trans".

I am wondering if a similar command exists for the Pix. I thought "show xlate" would do this but it only shows the internal address being mapped to the public address.

Thanks,

Denny

jackko · ‎11-04-2005

give "sh conn" a go.

e.g.

TCSNSWSYDP01# sh conn

128 in use, 46518 most used

TCP out xxx.xxx.xxx.212:80 in 192.168.1.230:2567 idle 0:04:45 Bytes 21315 flags UIO

TCP out xxx.xxx.144.xxx:80 in 192.168.1.211:2571 idle 0:04:53 Bytes 1536 flags UIO

TCP out xxx.xxx.xxx.15:3389 in 192.168.1.156:2490 idle 0:05:13 Bytes 18909248 flags UIO

View solution in original post

dclewis · ‎11-03-2005

Show xlate is the command. You most likely see the internal addresses overloading [PAT] the outside interface.

"global (outside) 1 interface"

In the past did you have a NAT pool that gave you one to one ip nat?

dennylester · ‎11-03-2005

No, we were using PAT on the 1720 too.

On the 1720 "show ip nat trans" would show the following

our external public address

the internal private address

then the address of the website or remote system being accessed.

On the Pix, "show xlate" only shows

the global address

then the internal address.

I can't see which websites or remotes the internal client is accessing out on the net.

I hope that makes sense.

Thank you,