I had a problem where I needed to use the ASA real time logging, but when I came to do so I could not see any traffic other than the PAT traffic; the NAT traffic was not being logged. This article is built thanks to the help I received from Journi Forss at Cisco Support.
Real Time Logging
Here you can see that the real time logging is only showing the PAT traffic. I cannot see the correct ports that are actually being translated; I am only seeing the PAT ports that are in use.
Dynamic Translation
Here you can see that I am only seeing the dynamic translations; these are the PAT traffic.
Check Logging on the ASA
The next step was to check what logging was configured on the ASA, so I issued the show run logging command, and in the output I could see that several syslog IDs are disabled. The range from 30214 to 20218 is the range for logging NAT traffic, and its being disabled is the reason why I could not see the information I needed.
Enable SysLog ID
The next step was to enable the syslog IDs for logging again, so I issued the command logging message 30215 and did this each time for each syslog ID I required.
Correct Logging
Now when I use the real time logging I can see the correct NAT traffic and the ports in use, so I can perform the debugging I needed.
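The check and re-enable steps above can be scripted against a saved copy of the show run logging output. The following is an added example, not part of the original post or any Cisco tooling: the function names and the sample configuration are constructed for illustration, and it assumes disabled messages appear in the output as "no logging message <id>" lines.

```python
import re

# Constructed sample of `show run logging` output. The IDs are the ones quoted
# in the post plus made-up neighbours; nothing here comes from a real device.
SAMPLE_CONFIG = """\
logging enable
logging timestamp
logging asdm informational
no logging message 30214
no logging message 30215
logging message 30216 level debugging
"""

# Only an explicit "no logging message <id>" disables a message. A line such as
# "logging message <id> level <level>" changes severity and must not match.
_DISABLED = re.compile(r"^\s*no logging message (\d+)\s*$")


def disabled_ids(config_text):
    """Return the sorted syslog IDs that the configuration explicitly disables."""
    ids = set()
    for line in config_text.splitlines():
        match = _DISABLED.match(line)
        if match:
            ids.add(int(match.group(1)))
    return sorted(ids)


def reenable_commands(config_text, wanted):
    """Build `logging message <id>` lines for the wanted IDs that are disabled.

    IDs that are not disabled are skipped, so the result is safe to re-run.
    """
    off = set(disabled_ids(config_text))
    return [f"logging message {i}" for i in sorted(set(wanted)) if i in off]


if __name__ == "__main__":
    print("Disabled syslog IDs:", disabled_ids(SAMPLE_CONFIG))
    for command in reenable_commands(SAMPLE_CONFIG, [30214, 30215, 30216]):
        print(command)
```

The generated lines are meant to be reviewed and then entered in configuration mode; the script itself does not connect to the ASA.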