Logging NAT Translations on the Cisco ASA

May 8th, 2014

It’s often handy when dealing with infringement notices and the like to have NAT translations logged. ┬áSure a better way would be to record netflow from these devices (and include the translations) but for a quick syslog solution, you can always:

logging enable
logging list ToSyslog level critical
logging list ToSyslog message 305011

See http://www.cisco.com/c/en/us/td/docs/security/pix/pix63/system/message/63syslog/pixemsgs.html#wp1054604

Messages will look something like:

May 08 13:01:20 freewifi-asa.net.uow.edu.au %ASA-6-305011: Built dynamic TCP translation from inside:10.64.37.96/53008 to outside:192.131.251.2/49520

 

One response

  1. Safeer comments:

    It is amazing how major fretuae updates that for other developers take months and a major version number increment can be released in mere days and with a minor version number increment by you! My upmost respect for developing is now clearly the best unofficial Facebook client, for any platform!Recently, I’ve been using Facebook to post pictures directly from my camera, and found this to be not very optimal with Flow as it is right now. Please consider:* Add Camera button in the News Feed screen to take photo and post it. Right now the only photo button is for posting image from Gallery.* Implement DCIM folder scanner that uploads to Facebook every photo that is taken by the camera. Options for this fretuae: choose folder(s) that are scanned for photos, choose polling period, choose Facebook album to auto upload, choose delay of uploading since new photo is taken (i.e. immediately, or after X minutes), upload if WiFi, upload if Power. Apps that currently allow this are Facebook Sync Pro and PicPush but both are not supported anymore. This is a great major fretuae you could sell as in-app purchase once Android Market rolls out in-app purchases.* This one is unique and tailored to Facebook power users: allow the user to set a dynamic name of Facebook folder to auto upload photos to. The dynamic name consists of string and properties (listed below) that is processed when the image is uploaded and if the name does not correspond to existing album, a new album with that name is created and photo posted there. The properties are:%DAY The current day, i.e. 13/3/2011 . Several formats available 13/3/2011, 3/13/2011%DAYWEEK The day of the week, i.e. Monday .%MONTH = The current month, i.e. March %YEAR The year, i.e. 2011 %PLACE The last place where the user has checked in, i.e. Walmart %CITY The city the user is in, GPS data via Google Maps API, i.e. New York %COUNTRY The country the user is in, GPS data via Google Maps API, i.e. USA Example dynamic Facebook album name: Me at %PLACE in %CITY %YEAR My Photos Visiting %COUNTRY in %YEAR Please let me know if any of those ideas appeal to you.

Leave a comment