NAT translation logging
The ip nat log translations syslog command enables NAT translation logging: every translation the router creates (and later deletes) is reported through syslog, so the messages can go to the console, to a syslog host or into the internal logging buffer. You can use this as a poor man's reporting tool if you have to monitor the address translations on your edge routers (for example, to satisfy a security policy or an auditing requirement). Configure no logging console first in a production environment; otherwise the flood of messages will hang the router a few moments after you enable NAT logging.
The logging printouts include:
- layer-4 protocol;
- inside local and global addresses and port numbers;
- outside local and global addresses and port numbers.
The four address:port pairs appear in the order inside local, inside global, outside local, outside global. For example, the following messages were logged when the inside host 10.0.0.1 accessed a web server it knew as 192.168.0.1. The inside source address 10.0.0.1 (inside local) was translated through a NAT pool (configured with the ip nat inside source list ACL pool POOL command) into 10.17.3.32 (inside global), and the destination address 192.168.0.1 seen by the inside host (outside local) was translated into the real outside address 10.17.3.2 (outside global), as configured with the ip nat outside source static command.
12:17:12.503: %IPNAT-6-NAT_CREATED: Created tcp 10.0.0.1:43800 10.17.3.32:1024 192.168.0.1:80 10.17.3.2:80
12:18:47.751: %IPNAT-6-NAT_DELETED: Deleted tcp 10.0.0.1:43800 10.17.3.32:1024 192.168.0.1:80 10.17.3.2:80
Does it sound weird to specify the destination address translation with the ip nat outside source configuration command? It does to me …
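To turn these syslog messages into the audit report the article alludes to, here is an added example (not code from the original post) that parses %IPNAT-6-NAT_CREATED and %IPNAT-6-NAT_DELETED lines, splits the four address:port fields in the order described above, pairs each deletion with its creation to get a session duration, and drops messages that carry no useful information. The sample log is constructed for the example: the first and last lines are the two messages from the post, the others are made up. The DNS filter (destination port 53) and the rule that ignores messages whose address fields are all 0.0.0.0:0 are design choices of this example, not behaviour of the IOS command.

```python
"""Audit Cisco IOS NAT translation logs (%IPNAT-6-NAT_CREATED / NAT_DELETED)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Address fields in the message: <proto> <inside local> <inside global>
#                                <outside local> <outside global>
EVENT_RE = re.compile(
    r"%IPNAT-6-NAT_(?P<event>CREATED|DELETED): (?:Created|Deleted) (?P<proto>\S+) "
    r"(?P<il>[\d.]+):(?P<ilp>\d+) (?P<ig>[\d.]+):(?P<igp>\d+) "
    r"(?P<ol>[\d.]+):(?P<olp>\d+) (?P<og>[\d.]+):(?P<ogp>\d+)"
)
# The prefix depends on 'service timestamps'; we only need HH:MM:SS.mmm if present.
TIME_RE = re.compile(r"(\d{2}):(\d{2}):(\d{2})\.(\d{3})")

# Constructed sample: lines 1 and 5 are the messages from the post, the rest are made up.
SAMPLE_LOG = """\
12:17:12.503: %IPNAT-6-NAT_CREATED: Created tcp 10.0.0.1:43800 10.17.3.32:1024 192.168.0.1:80 10.17.3.2:80
12:17:12.610: %IPNAT-6-NAT_CREATED: Created udp 10.0.0.1:50012 10.17.3.32:1025 10.17.3.5:53 10.17.3.5:53
12:17:12.690: %IPNAT-6-NAT_DELETED: Deleted udp 10.0.0.1:50012 10.17.3.32:1025 10.17.3.5:53 10.17.3.5:53
*Mar  1 12:18:01.100: %IPNAT-6-NAT_CREATED: Created tcp 0.0.0.0:0 0.0.0.0:0 0.0.0.0:0 0.0.0.0:0
12:18:47.751: %IPNAT-6-NAT_DELETED: Deleted tcp 10.0.0.1:43800 10.17.3.32:1024 192.168.0.1:80 10.17.3.2:80
%SYS-5-CONFIG_I: Configured from console by console
"""

Endpoint = Tuple[str, int]


@dataclass(frozen=True)
class Translation:
    event: str                 # "CREATED" or "DELETED"
    proto: str                 # tcp, udp, icmp, ...
    inside_local: Endpoint
    inside_global: Endpoint
    outside_local: Endpoint
    outside_global: Endpoint
    msecs: Optional[int]       # milliseconds since midnight, if the line had a timestamp

    def key(self) -> tuple:
        """Identifies one translation across its CREATED and DELETED messages."""
        return (self.proto, self.inside_local, self.inside_global,
                self.outside_local, self.outside_global)


def parse_line(line: str) -> Optional[Translation]:
    """Return a Translation for an IPNAT message, None for any other syslog line."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    msecs = None
    t = TIME_RE.search(line[:m.start()])
    if t:
        h, mi, s, ms = (int(x) for x in t.groups())
        msecs = ((h * 3600 + mi * 60 + s) * 1000) + ms
    return Translation(
        event=m["event"], proto=m["proto"].lower(),
        inside_local=(m["il"], int(m["ilp"])), inside_global=(m["ig"], int(m["igp"])),
        outside_local=(m["ol"], int(m["olp"])), outside_global=(m["og"], int(m["ogp"])),
        msecs=msecs,
    )


def is_dns(t: Translation) -> bool:
    """Example filter: translations towards port 53 (DNS resolver traffic)."""
    return t.proto in ("udp", "tcp") and 53 in (t.outside_local[1], t.outside_global[1])


def is_empty(t: Translation) -> bool:
    """All four address fields zeroed: nothing to audit in this message."""
    zero = ("0.0.0.0", 0)
    return (t.inside_local, t.inside_global, t.outside_local, t.outside_global) == (zero,) * 4


def _session(created: Translation, deleted: Optional[Translation]) -> dict:
    duration = None
    if deleted is not None and created.msecs is not None and deleted.msecs is not None:
        duration = (deleted.msecs - created.msecs) % 86_400_000   # tolerate midnight wrap
    return {"proto": created.proto, "inside_local": created.inside_local,
            "inside_global": created.inside_global, "outside_global": created.outside_global,
            "duration_ms": duration, "closed": deleted is not None}


def audit(lines, drop_dns: bool = True) -> dict:
    """Pair CREATED/DELETED messages into sessions; return them with counters."""
    open_xlates: Dict[tuple, Translation] = {}
    sessions: List[dict] = []
    stats = {"parsed": 0, "dns_dropped": 0, "empty": 0, "unmatched_deletes": 0}
    for line in lines:
        t = parse_line(line)
        if t is None:
            continue
        stats["parsed"] += 1
        if is_empty(t):
            stats["empty"] += 1
        elif drop_dns and is_dns(t):
            stats["dns_dropped"] += 1
        elif t.event == "CREATED":
            open_xlates[t.key()] = t
        elif (created := open_xlates.pop(t.key(), None)) is None:
            stats["unmatched_deletes"] += 1
        else:
            sessions.append(_session(created, t))
    sessions.extend(_session(c, None) for c in open_xlates.values())  # still open
    return {"sessions": sessions, **stats}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG.splitlines())
    for s in report["sessions"]:
        print(f"{s['proto']} {s['inside_local']} via {s['inside_global']} -> "
              f"{s['outside_global']} duration_ms={s['duration_ms']} closed={s['closed']}")
    print({k: v for k, v in report.items() if k != "sessions"})
```

Feed it the syslog file exported from your collector rather than the console buffer; the counters tell you how much of the volume is DNS noise and how many messages arrived with empty address fields, which is the first thing to check before trusting the report for an audit.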
I couldn't agree more with you regarding the config of destination address translation using the "ip nat outside source" command. Far from intuitive!
I'm currently testing whether such syntax will work for sessions being initiated from the *inside*. I have a situation where this is not working, although it is under some very particular circumstances.
I meant to say that 80% of the logging messages are DNS, not 8%. Thanks...
We are logging NAT with the ip nat translations command for a VRF, and we noticed that 8% of the logging messages are DNS. Is there a way for us to filter DNS from being logged via the NAT translations?
...it seems that translations logging is totally broken when using NVI-based NAT.
In the logged entry, only the "protocol" field (tcp, udp, etc.) is correctly assigned: all the address:port fields are logged as 0.0.0.0:0 -- Tested on IOS 15.1(4)M12a.
Can someone confirm this? Any known workaround?