Monitoring network object nat – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Monitoring Network Object NAT

The following example maps a host address to itself using a network object:

hostname(config)# object network my-host-obj1-identity
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static my-host-obj1-identity

Monitoring Network Object NAT

To monitor object NAT, enter one of the following commands:

Command                    Purpose
show nat                   Shows NAT statistics, including hits for each NAT rule.
show nat pool              Shows NAT pool statistics, including the addresses and ports allocated, and how many times they were allocated.
show running-config nat    Shows the NAT configuration.

Note

You cannot view the NAT configuration using the show running-config object command. You cannot reference objects or object groups that have not yet been created in nat commands. To avoid forward or circular references in show command output, the show running-config command shows the object command two times: first, where the IP address(es) are defined; and later, where the nat command is defined. This command output guarantees that objects are defined first, then object groups, and finally NAT. For example:

hostname# show running-config
...
object network obj1
 range 192.168.49.1 192.168.49.100
object network obj2
 host 192.168.49.100
object network network-1
 subnet <network-1>
object network network-2
 subnet <network-2>
object-group network pool
 network-object object obj1
 network-object object obj2
...
object network network-1
 nat (inside,outside) dynamic pool
object network network-2
 nat (inside,outside) dynamic pool

show xlate                 Shows current NAT session information.
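
Because show running-config prints each object twice, reviewing a NAT rule means matching the nat line in the second stanza with the address in the first. The following Python parser is an added example, not part of the Cisco guide: it merges the two stanzas and resolves the mapped object or object group, so each rule can be audited next to its real and mapped addresses. The function names and the sample configuration are assumptions made up for this illustration.

```python
import re
SAMPLE = """\
object network obj1
 range 192.168.49.1 192.168.49.100
object network obj2
 host 192.168.49.101
object network network-1
 subnet 10.1.1.0 255.255.255.0
object-group network pool
 network-object object obj1
 network-object object obj2
object network network-1
 nat (inside,outside) dynamic pool
"""  # constructed sample in the layout the note describes; addresses are made up
NAT_RE = re.compile(r"nat \((\S+?),(\S+?)\) (static|dynamic) (\S+)")

def parse_stanzas(text):
    """Merge the repeated 'object network' stanzas into one record per object."""
    objects, groups, current = {}, {}, None
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        words = line.split()
        if not line[0].isspace():  # a top-level command closes the open stanza
            current = None
            if words[:2] == ["object", "network"] and len(words) == 3:
                current = objects.setdefault(words[2], {"address": None, "nat": None})
            elif words[:2] == ["object-group", "network"] and len(words) == 3:
                current = groups.setdefault(words[2], [])
        elif isinstance(current, list):  # inside an object-group
            if words[:2] == ["network-object", "object"] and len(words) == 3:
                current.append(words[2])
        elif isinstance(current, dict):  # inside an object
            if words[0] == "nat":
                current["nat"] = line.strip()
            elif words[0] in ("host", "subnet", "range", "fqdn"):
                current["address"] = line.strip()
    return objects, groups

def nat_rules(text):
    """Pair each nat line with the address defined in the object's first stanza."""
    objects, groups = parse_stanzas(text)
    rules = []
    for name, obj in objects.items():
        m = NAT_RE.match(obj["nat"] or "")
        if m:
            # The mapped name may be an object-group, a single object, or neither.
            members = groups.get(m[4], [m[4]] if m[4] in objects else [])
            rules.append({"object": name, "real": obj["address"], "type": m[3],
                          "interfaces": (m[1], m[2]), "mapped": m[4],
                          "mapped_addresses": [objects[n]["address"] for n in members if n in objects]})
    return rules
```

A rule whose mapped_addresses list is empty names something other than a defined object or object group, which is worth checking by hand.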
