To display the diagnostics of the NAT resource, use the following command.
It shows diagnostic information such as the state of the resource, the current number of translations present in the NAT table, the peak number of translations reached in the NAT table since start-up, and the maximum number of translations the table can hold (this value reflects the dimtable parameter).
[18:06:40] ABILIS_CPX:d d nat
RES:Nat -----------------------------------------------------------------------
Network_Address_Translator STATE:READY
-----------|--- CUR ---|-- PEAK ---|--- MAX ---|
LINKS      |          3|         43|       1000|
LINKS%     |         0%|         4%|           |
------------------------------------------------
To display the statistics of the NAT resource, use the following command.
It shows statistical information, such as the number of processed ICMP/TCP/UDP/FTP/DNS/SNMP/SNTP packets, the number of processed FRAGMENT ID/FRAGMENT POINTER packets, etc.
[18:06:40] ABILIS_CPX:d s nat
RES:Nat -----------------------------------------------------------------------
Network_Address_Translator
--- Cleared 11 days 14:06:31 ago, on 16/04/2015 at 19:42:48 ------------
REQ:95760726 SUCCESS:203109 IGNORED:95557585 OVERFLOW:0
TCP-RST:40211397 ERROR:0 FTP-OVR:0 DNS-OVR:0
SNMP-MF:0 FTP-BCT:0 DNS-EF:0 PPTP-MT:0
------------------------------------------------------------------------
-----------|---INSIDE--|--OUTSIDE--|----VPN----|----DMZ----|
BLOCKED-MIL|          0|          0|          0|          0|
------------------------------------------------------------------------
ICMP-ERR   |          0|          0|          0|          0|
TCP-ERR    |          0|          0|          0|          0|
UDP-ERR    |          0|          0|          0|          0|
------------------------------------------------------------------------
ICMP-SRC   |       2062|          0|          0|          0|
ICMP-DST   |          0|        459|          0|          0|
TCP-SRC    |          0|          0|          0|          0|
TCP-DST    |          0|          0|          0|          0|
UDP-SRC    |      93034|          0|          0|          0|
UDP-DST    |          0|     107554|          0|          0|
GRE-SRC    |          0|          0|          0|          0|
GRE-DST    |          0|          0|          0|          0|
OTHERS-SRC |          0|          0|          0|          0|
OTHERS-DST |          0|          0|          0|          0|
------------------------------------------------------------------------
ONATDISCARD|      31621|          0|          0|          0|
------------------------------------------------------------------------
FRAG-ID:0 FRAG-POINTER:0 FRAG-UNRESOLVED:0 FRAG-HEADER-FOUND:0
------------------------------------------------------------------------
Caution: To view these commands you need to have administrator or super user rights.
Type the following command to view the allowed ones:
[00:07:36] ABILIS_CPX:debug res:nat lsn:0
RES:Nat -----------------------------------------------------------------------
Network_Address_Translator
BufferLength:1959 Date/Time:28/04/2015 09:50:23 TraceTime:330933760
Usage:
LSN:0 - This help (default).
LSN:1 - Debug unavailable: use D NAT MAPS instead.
LSN:2 - View statistics and information.
LSN:3 CMD:DISPLAY - Show current NAT trace (default).
LSN:3 CMD:ACT[,param,...] - Activate the trace.
List of NAT activate parameters (for LSN:3 CMD:ACT).
No parameters (default) - Trace all packets unconditionally.
CHK - Trace packets with wrong checksum.
TCPRST - Trace packets when NAT originates a TCP reset.
ERR - Trace packets that cause an error.
NOTLN - Trace packets ignore TELNET packets..
<IP add> - Trace packets only to/from these addresses (up to 4).
LSN:3 CMD:START - Start the trace.
LSN:3 CMD:STOP - Stop the trace.
LSN:3 CMD:INACT - Deactivate the trace.
LSN:4 - Display headers of last 10 packets with checksum error.
LSN:4 CMD:EXT - Display last 10 packets with checksum error.
LSN:4 CMD:CLR - Clear checksum failures history.
LSN:5 - View links between recods on the dynamic table.
LSN:6 CMD:CLR - Initialize Peak diagnostic information.
LSN:7 - View translation filter.
LSN:7 CDM:EXT - View translation filter with extended translation info.
LSN:8 - View configured table.
LSN:9 - View virtual table.
LSN:10 - View dynamic table.
LSN:11 - View dynamic table with TCP session status.
LSN:12 - Display information of last 100 UPNP commands.
LSN:12 CMD:EXT - Display extended information of last 100 UPNP commands.
LSN:12 CMD:CLR - Clear UPNP command history.
LSN:13 - Display information of last 20 packets with ONAT discard error.
LSN:13 CMD:CLR - Clear ONAT discard failures history.
LSN:14 - View optimized loop-back table.
To view the current NAT sessions, type:
[00:10:18] ABILIS_CPX:d nat maps
Number of records in standard table: 21
S A TYPE SRC-ADDRESS SP/ID DST-ADDRESS DP/ID ALS-ADDRESS ALIAS TM
-------------------------------------------------------------------------------
IOS UDP 192.168.030.002 11826 086.101.152.080 26211 192.168.001.100 9060 180
IOS UDP 192.168.030.002 11826 080.230.085.012 30615 192.168.001.100 9061 54
IOS UDP 192.168.030.002 11826 084.097.119.138 41956 192.168.001.100 9247 93
IOS UDP 192.168.030.002 11826 200.117.084.037 45252 192.168.001.100 9063 180
IOS UDP 192.168.030.002 11826 077.083.166.003 34588 192.168.001.100 9064 180
IOS UDP 192.168.030.002 11826 151.021.081.198 32605 192.168.001.100 9068 164
IOS TCP 192.168.030.002 2220 095.076.135.237 18586 192.168.001.100 9109 360
IOS UDP 192.168.030.002 11826 077.030.154.190 41899 192.168.001.100 9206 58
IOS UDP 192.168.030.002 11826 095.250.024.242 34375 192.168.001.100 9250 104
IOS UDP 192.168.030.002 11826 079.024.059.147 31351 192.168.001.100 9251 105
IOS UDP 192.168.030.002 11826 193.198.056.247 45682 192.168.001.100 9115 16
IOS TCP 192.168.030.002 2254 064.012.028.207 443 192.168.001.100 9116 352
IOS UDP 192.168.030.002 11826 095.076.135.237 18586 192.168.001.100 9258 147
IOS UDP 192.168.030.002 11826 151.048.102.187 45873 192.168.001.100 9093 18
IOS TCP 192.168.030.002 2287 205.188.001.209 443 192.168.001.100 9123 144
IOS TCP 192.168.030.002 2296 064.012.030.056 443 192.168.001.100 9124 223
IOS UDP 192.168.030.001 5060 083.211.227.015 5060 192.168.001.100 9100 110
IOS UDP 192.168.030.002 11826 217.164.063.250 36112 192.168.001.100 9127 149
IOS TCP 192.168.030.002 2200 064.004.061.123 1863 192.168.001.100 9104 350
IOS UDP 192.168.030.002 11826 093.146.163.169 31586 192.168.001.100 9130 103
IOS TCP 192.168.030.002 2366 080.230.085.012 30615 192.168.001.100 9217 355
Meaning of parameters:
S (SIDE)
It is composed of two letters. The first shows the input side and the second the translation side (I: INSIDE, O: OUTSIDE, V: VPN, D: DMZ).
A
It shows whether the translation must be applied to the source address or to the destination address (S: SOURCE, D: DESTINATION).
TYPE
It shows the packet's protocol. The translation is applied only if TYPE matches the protocol of the packet being analysed (ICMP, UDP, DNS, SNTP, SNMP, TCP, FTPc, FTPd, FRAG, PPTc, PPTd).
SRC-ADDRESS
It shows the filter applied to the source address. If the source address of the received packet doesn't match SRC-ADDRESS, the translation isn't applied.
SP/ID
If TYPE is FRAG, PPT or ICMP, it shows the packet ID used to verify if the translation matches. If TYPE is TCP or UDP, it shows the packet source port.
DST-ADDRESS
It shows the filter applied to the destination address. If the destination address of the received packet doesn't match DST-ADDRESS, the translation isn't applied.
DP/ID
If TYPE is FRAG, PPT or ICMP, it shows the packet ID used to verify if the translation matches. If TYPE is TCP or UDP, it shows the packet destination port.
ALS-ADDRESS
If TYPE, SRC-ADDRESS, SP/ID, DST-ADDRESS, DP/ID, ALS-ADDRESS match, it shows the new IP address that replaces the one in the packet. If A:S, the source address is replaced with ALS-ADDRESS. If A:D, the destination address is replaced with ALS-ADDRESS.
ALIAS
If TYPE, SRC-ADDRESS, SP/ID, DST-ADDRESS, DP/ID, ALS-ADDRESS match, it shows the new SP/ID or DP/ID that replaces the one in the packet. If A:S, the current SP/ID is replaced with ALIAS. If A:D, the DP/ID is replaced with ALIAS.
TM
It's the translation lifetime. When TM reaches 0, the translation is deleted. Each time the translation is matched, TM is reset to a specific value that depends on the NAT resource configuration.
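The field meanings above, applied in an added Python example that is not part of the Abilis documentation: it parses `d nat maps` rows, decodes S and A, converts the zero-padded addresses, and counts translations per source host, which shows which host is filling the NAT table. The function names are hypothetical, and the assumption that S and A are printed together as in the sample rows is marked in the code.

```python
import ipaddress
import re
from collections import defaultdict

SIDES = {"I": "INSIDE", "O": "OUTSIDE", "V": "VPN", "D": "DMZ"}
APPLY = {"S": "SOURCE", "D": "DESTINATION"}

# Header and rows copied from the sample "d nat maps" output on this page.
SAMPLE = """\
S A TYPE SRC-ADDRESS SP/ID DST-ADDRESS DP/ID ALS-ADDRESS ALIAS TM
IOS UDP 192.168.030.002 11826 086.101.152.080 26211 192.168.001.100 9060 180
IOS UDP 192.168.030.002 11826 080.230.085.012 30615 192.168.001.100 9061 54
IOS TCP 192.168.030.002 2254 064.012.028.207 443 192.168.001.100 9116 352
IOS UDP 192.168.030.001 5060 083.211.227.015 5060 192.168.001.100 9100 110
IOS TCP 192.168.030.002 2366 080.230.085.012 30615 192.168.001.100 9217 355
"""

# Assumption: S (two letters) and A (one letter) arrive as "IOS" or as "IO S".
ROW = re.compile(
    r"^([IOVD])([IOVD])\s*([SD])\s+(\S+)\s+([\d.]+)\s+(\d+)"
    r"\s+([\d.]+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)$"
)

def norm_ip(text):
    """Parse zero-padded octets as base 10 (ipaddress rejects leading zeros)."""
    return ipaddress.IPv4Address(".".join(str(int(o, 10)) for o in text.split(".")))

def parse_maps(output):
    """Return one dict per translation row; header and ruler lines are skipped."""
    records = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        s_in, s_tr, a, typ, src, sp, dst, dp, als, alias, tm = m.groups()
        records.append({
            "input_side": SIDES[s_in], "translation_side": SIDES[s_tr],
            "applies_to": APPLY[a], "type": typ, "tm": int(tm),
            "src": norm_ip(src), "sp_id": int(sp), "dst": norm_ip(dst), "dp_id": int(dp),
            "als_address": norm_ip(als), "alias": int(alias),
        })
    return records

def usage_by_source(records):
    """Map each source host to (translations held, distinct destination addresses)."""
    seen = defaultdict(list)
    for r in records:
        seen[str(r["src"])].append(r["dst"])
    return {ip: (len(d), len(set(d))) for ip, d in seen.items()}
```

Comparing the per-host counts with the LINKS CUR and MAX values from `d d nat` shows how much of the table a single host holds.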