Clearing nat translations through SNMP Set

Is it possible to clear the translations on a router through SNMP?
CLI Command : clear ip nat trans forced

Not directly.  There is a trick, though.  If you use the CISCO-CONFIG-COPY-MIB, you can upload a config snippet with the following contents:

    do clear ip nat trans *
    end

That will clear the tables.  The tech tip for the CISCO-CONFIG-COPY-MIB can be found at http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml .

Similar Messages

  • What's the best way to do many NAT translations for WWW farm?

    Hello all, I hope this finds you in good spirits.
    I have recently upgraded my ASA 5510 to 8.3 code and honestly I am confused on the best and most efficient way to do many nat translations through it.  I have a group of about 100 IP's that need http/https/and sqlnet allowed through for our web farm.
    I have a text file with the real and translated IP addresses and in 8.2 I could simply modify it and dump the thing in and make the NAT rules and access-lists.  Now with the new object based model I am having a hard time wrapping my brain around how to do this using as few lines of code as possible.
    Do I have to create a network object for each and every IP I want to NAT through?
    Thank you for your consideration!

    Were your NATs not present in the pre-upgrade code? If they were, they should have been automatically rebuilt along with the recommended objects.
    If they weren't, you can relatively easily make a little script or spreadsheet with some transforms to go from your text listing to the necessary network objects and new syntax nat rules.
    It's also relatively easy to build them in ASDM and just copy, insert and modify down the list. You can even use the "Add Object" part of the GUI to also add the NAT rules at the same time.
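A sketch of the "little script" approach from the reply above, added here as an example and not taken from the original thread. It assumes a text file with one `real translated` pair per line; the interface names, the ACL name and the `WWW_`/`WEB_FARM_` object names are hypothetical. Grouping the hosts and ports keeps the access list to a single line regardless of how many servers are listed.

```python
import ipaddress


def build_asa_config(mapping_text, real_if="inside", mapped_if="outside",
                     acl="outside_access_in", ports=("www", "https", "sqlnet")):
    """Turn 'real translated' lines into ASA 8.3+ object NAT plus one ACL line."""
    pairs, seen = [], set()
    for n, line in enumerate(mapping_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # allow comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected 'real translated'")
        real, mapped = (ipaddress.IPv4Address(p) for p in parts)  # rejects typos
        for addr in (real, mapped):
            if addr in seen:                      # a reused address would clash
                raise ValueError(f"line {n}: {addr} used twice")
            seen.add(addr)
        pairs.append((real, mapped))

    def name(real):
        return "WWW_" + str(real).replace(".", "_")

    out = []
    for real, mapped in pairs:                    # one object + static NAT per host
        out += [f"object network {name(real)}",
                f" host {real}",
                f" nat ({real_if},{mapped_if}) static {mapped}"]
    out.append("object-group network WEB_FARM_REAL")
    out += [f" network-object object {name(real)}" for real, _ in pairs]
    out.append("object-group service WEB_FARM_PORTS tcp")
    out += [f" port-object eq {p}" for p in ports]
    # From 8.3 on, interface ACLs match the real (untranslated) address.
    out.append(f"access-list {acl} extended permit tcp any "
               "object-group WEB_FARM_REAL object-group WEB_FARM_PORTS")
    return "\n".join(out)


# Constructed sample input using documentation address ranges.
SAMPLE = """\
# real        translated
10.1.1.10     203.0.113.10
10.1.1.11     203.0.113.11
"""

if __name__ == "__main__":
    print(build_asa_config(SAMPLE))
```

Review the generated lines before pasting them into the firewall; the script validates address syntax and duplicates, not whether the addresses belong to the intended networks.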

  • SNMP number of NAT translation

    Hi,
    I am looking for the SNMP OID to monitor the sh ip nat translations on a cisco 881.
    Does anyone know if this is available?
    Thanks,
    Ilya
    #sh ver
    Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Thu 26-Feb-09 06:01 by prod_rel_team
    ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
    center-gw1 uptime is 1 day, 16 hours, 23 minutes
    System returned to ROM by power-on
    System restarted at 13:06:10 MSK Thu Jan 5 2012
    System image file is "flash:c880data-universalk9-mz.124-24.T.bin"
    Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
    Processor board ID FCZ1434C3U4
    5 FastEthernet interfaces
    256K bytes of non-volatile configuration memory.
    125440K bytes of ATA CompactFlash (Read/Write)

    Hi Ilya,
    Have you used SNMPwalk to that device?
    Try the following MIB file
    CISCO-IETF-NAT-MIB

  • Setting Nat Translations in RRAS

    We are looking to have our Windows Server 2012 as our main router and firewall. We want to replace our SonicWall with the Server 2012. I need to figure out how to do NAT translations to make an external IP translate into a specific IP address. For example,
    we want 64.19.190.107 to translate to 192.168.50.55. Please help me.

    Hi,
    Hope the following articles could help you:
    Enable and Configure NAT
    Enable RRAS as a VPN Server and a NAT Router
    NAT Example
    How NAT Works
    IPv4 - NAT - Interface Properties - Address Pool Tab
    Happy Holidays.
    Jeremy Wu
    TechNet Community Support

  • How to use MARS for NAT Translation Analysis...

    Hi All,
    I was wondering if we could use MARS to do NAT logging. To be more specific, currently we are using a PIX Firewall that does dynamic nat/pat. We log NAT Translations to syslog server and if further required we search into the files to find what we want.
    I was wondering if anyone had tried to send translation logs to MARS and then doing a custom report for NAT Translations (i.e. by source, destination, time etc).
    Regards.

    Hello Nicolas,
    Use the following steps :
    Step 1
    Locate the File “global.properties”
    Drive:\SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\config\custom
    The following values should be present:
    vintela.enabled=true
    idm.realm=Domain Name (u can get the name from C:\Windows\Krb5.ini)
    idm.princ=SPN User
    idm.allowUnsecured=true
    idm.allowNTLM=false
    idm.logger.name=simple
    idm.logger.props=error-log.properties
    Step 2:
    Locate the file “web.xml”
    D:\SAP BusinessObjects\Tomcat6\webapps\dswsbobje\WEB-INF
    Uncomment the Kerberos Proxy Filter and the Kerberos Filter sections to enable Kerberos SSO for Windows Active Directory (secWinAD) authentication. The following options must be specified (the rest are optional)
    idm.realm = SPN user (the same as the default_realm specified in the Krb5.ini file)
    idm.princ = SPN User (the same as specified for idm.princ in the global.properties)
    idm.keytab = (the same as specified for idm.keytab in the global.properties )
    Please note, if you are using the hardcoded password set in Tomcat's Java Options do not make any changes to the keytab lines in the web.xml
    Step 3:
    Back up and edit Drive:\Tomcat6\webapps\dswsbobje\WEB-INF\classes\dsws.properties by setting kerberos.sso to 'true'. Restart Tomcat.
    KR,
    MD

  • NAT Translating Destination IP and Port

    Hi, I have posted this in the Routing and Switching forum but thought I'd post it in here too as it is related to web security.
    I am struggling with NAT translation on a Cisco router. I want to translate all HTTP traffic that exits my network to change the destination IP to 117.166.1.1 and translate the destination port from tcp 80 to tcp 3128.
    i.e. If a PC with an IP 192.168.1.10 enters 200.1.1.1 into the web browser, instead of the traffic going to 200.1.1.1 on port 80, it will be directed to 117.166.1.1 on port 3128.
    This is because I am using a cloud URL filter and want all HTTP traffic to go to that proxy.
    I believe this can be done with an outside NAT but I am unable to get this to work. Anyone know how to do this?
    Thanks
    K

    Hi,
    If you want to block all the connections to your computer on port 25, you need to add My IP Address as the Destination address and set Any IP Address as the Source address in your computer.
    In addition, if you choose Mirrored, it automatically configures both inbound and outbound filters. In your scenario, you would uncheck it.
    For more detailed information, please refer to the link below:
    Step-by-Step Guide to Internet Protocol Security (IPSec)
    Best regards,
    Susie

  • Maximum number of simultaneous NAT translations

    Hi all...
    Does anyone know how many simultaneous NAT translations a low end device such as a Cisco RV016 supports?
    I know this is a low end device but I see no reason that with a typical allocation of 220 bytes per entry and modern CPUs to walk the tree that this RV016 could not support 500 to 1000 easily?
    http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/792_pp.htm#wp39411
    Any reasonable device should support 500 to 1000? I believe a Linux box would do it effortlessly for 500 tcp/udp connections, mapped via NAT at 100Mbits/second, but I would prefer a Cisco router any day.
    I am looking for at least 500+ users in on the WAN side to 1 or 2 servers on the LAN side behind the NAT wall.
    Of course worst case would assume 1 to 1 NAT simultaneous translations for numbers.
    What would be the minimum low end Cisco gateway router I could use to do this 500 to 1? 1000 to 1?
    Am I way off on this?
    Thanx.
    -Glenn

    The prevailing wisdom from Adobe for simultaneous requests is
    very wrong and inaccurate. First off, editing the simultaneous
    requests in the CFAdmin is safe to do. Editing your JVM settings
    with the CFAdmin is very dangerous on Linux because the CF Admin
    code can mangle the xml file. I'm not sure if this is true on
    Windows.
    Now back to the simultaneous requests issue. If you have high
    traffic and enough server processing power you can greatly increase
    the request number. We currently run our CFMX 7.02 servers set to
    100 simultaneous requests. And yes we've been maxed out at that
    level. We see over 1.5 million page views per day on a single cf
    server with only one instance of CF. As of today we switched to a
    load balanced setup and split the load across two servers. The
    reason we went load balanced is that we're expecting to more than
    double our traffic. Anyways, the number of simultaneous requests
    can be much higher than the 'General Wisdom' at Adobe.
    Oh yeah, I almost forgot. I've seen the new setting for
    simultaneous requests take effect without having to restart CFMX.
    Cheers,

  • Not Seeing NAT Translations Across GRE IPSec Tunnel

    Hello,
    I have a P2P GRE over IPSec tunnel between two 3725s using NAT overload and the Internet as transport. I can reach the backside networks, tunnel endpoints, etc., and I have verified that the traffic is being encrypted. What I am not seeing however are any NAT translations taking place. They must be happening because my traffic is being routed through the tunnel via the public interfaces. I am assuming that this is a result of the checksum being altered when the translation is done.
    Would I be correct in assuming that I could use something like NAT Transparency or IPSec over TCP/UDP to fix the problem and begin seeing NAT translations?
    Thanks for any help you guys may be able to provide!
    Anthony, CCNA (Network/Voice)

    Can you send over the configurations
    You seem to have a phase 1 issue, it's not negotiating correctly.
    Thanks

  • SWIM5004: Cannot initiate SNMP-set operation

    Hi,
    I am trying to get the IOS images for 6509, 6504 VSS and 4506-E through LMS 3.2.1.
    I have configured RO SNMP v3 and I am encountering the following error:
    """  Importing the image s72033-ipservicesk9_wan-vz.122-33.SXI5.bin from the device sup-bootdisk into the Software Repository.
    Image will be copied to rep_sw_8156213553784565916 using TFTP.
    Could not import s72033-ipservicesk9_wan-vz.122-33.SXI5.bin from the device.
    Error Message:
    SWIM1124: Failed to copy the image from Flash due to the reason - SWIM5004: Cannot initiate SNMP-set operation.
    The SNMP Write Community String might be wrong.
    Check whether the correct SNMP Write Community String is entered in Device and Credential Repository..
    Retry the operation. If the problem persists, check the Bug Toolkit application for any known issues on the running image version.
    Image Import Operation Failed
    Device is unlocked.
    Device Import Result : Failed
    End Time:Sat Jul 30 10:44:38 GMT+03:00 2011
    SWIM0036: Could not add this image to software repository.  """
    I successfully imported 3560 switches to the repository but am not able to for the 4500 and 6500 series, where all the settings are the same.
    Kindly if anyone can help.
    Regards,
    George

    Hi Joel,
    First of all I would like to thank you for your answer.
    The Check Device Credential shows the SNMP communities RW was false.
    I changed the communities, so I clicked the device credentials button on the Device Credentials Verification Job Details form.
    The software upload is working right now from this device.
    Earlier I tried to run the management station to devices function and it was successful for SNMP RW!!!
    I tried to change the communities via CS > Device and Credentials > Device Management.
    Despite all these the RME fetching was not working.
    I do not understand what the difference is.
    Regards

  • ASR1006 log NAT translations

    Good day. We've got the following problem, but I can't solve it.
    We have:
    ASR1000-RP2
    ASR1000-ESP40
    ASR1000-SIP40
    SPA-10X1GE-V2
    SPA-10X1GE-V2
    Kiwi Syslog Server
    ASR performs the function of ISG. The number of subscribers until 10000. This number is constantly growing.
    Because of the economic address space subscribers surf the Internet through NAT.
    Now the task to keep logs of all translations or binds. Need to store the information about what time, certain internal IP address using the external IP.
    I've tried:
    ip nat log translations syslog
    logging trap debugging
    logging host xx.xx.xx.xx transport UDP port xxx
    no logging console (so as not to load the CPU)
    Next on the syslog server has come the following message:
    %IOSXE-4-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:064 TS:00004084523374422713 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 1048576 exceeded; frame dropped
    I did:
    ip nat translation max-entries 10000000
    Error stopped publishing but logs do not come.
    I think of the huge number of translation per second, it can not send them as fast.
    How can this problem be solved or otherwise obtain and store information about a translations?
    Say what Syslog server is properly used for large volumes of data.
    Thank You and sorry for my English

    So I was able to redirect all log nat translations to the server using the command:
    ip nat log translations flow-export v9 udp destination server_ip udp_port
    Through Wireshark I get all the relevant information about ip address and time.
    Is there any software that could take this information and process it?
    I have used PRTG and ZOHO, but they can't analyze this flow type.
    Can anyone help me?
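The kind of processing asked about in the post above, as an added example that is not part of the original thread: a template-driven NetFlow v9 decoder that turns NAT log exports into records of inside address, translated address and time. The field numbers are the standard IANA IPFIX element ids; the template layout and the sample datagram are constructed for illustration and are not a capture from an ASR.

```python
import ipaddress
import struct

# IANA IPFIX element numbers (NetFlow v9 uses the same ones) seen in NAT logging.
NAMES = {4: "proto", 7: "src_port", 8: "src_ip", 225: "post_nat_src_ip",
         227: "post_nat_src_port", 230: "nat_event", 323: "time_ms"}
IP_FIELDS = {8, 12, 225, 226}

def read_templates(body, templates):
    """Store each template record as a list of (field type, length) pairs."""
    off = 0
    while off + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, off)
        off += 4
        if tid < 256 or off + 4 * nfields > len(body):
            break  # padding or truncated template
        templates[tid] = [struct.unpack_from("!HH", body, off + 4 * i)
                          for i in range(nfields)]
        off += 4 * nfields

def read_data(body, fields):
    """Decode fixed-size records; trailing bytes shorter than a record are padding."""
    size = sum(length for _, length in fields)
    records, off = [], 0
    while size and off + size <= len(body):
        rec = {}
        for ftype, length in fields:
            raw = body[off:off + length]
            off += length
            is_ip = ftype in IP_FIELDS and length == 4
            rec[NAMES.get(ftype, f"field_{ftype}")] = (
                str(ipaddress.IPv4Address(raw)) if is_ip else int.from_bytes(raw, "big"))
        records.append(rec)
    return records

def parse_v9(packet, templates):
    """Decode one export datagram; `templates` must persist between datagrams."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    records, pos = [], 20                       # v9 header is 20 bytes
    while pos + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, pos)
        if set_len < 4 or pos + set_len > len(packet):
            raise ValueError("bad flowset length")
        body = packet[pos + 4:pos + set_len]
        if set_id == 0:                         # template flowset
            read_templates(body, templates)
        elif set_id in templates:               # data flowset with a known template
            records += read_data(body, templates[set_id])
        pos += set_len
    return records

def sample_packet():
    """Constructed datagram: one template (id 256) and one NAT 'create' record."""
    fields = [(323, 8), (8, 4), (225, 4), (7, 2), (227, 2), (4, 1), (230, 1)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(
        struct.pack("!HH", t, l) for t, l in fields)
    data = struct.pack("!Q4s4sHHBB", 1325757970000,
                       ipaddress.IPv4Address("10.0.0.5").packed,
                       ipaddress.IPv4Address("198.51.100.7").packed,
                       51000, 1024, 6, 1) + b"\x00\x00"  # pad to 4-byte boundary
    header = struct.pack("!HHIIII", 9, 2, 0, 1325757970, 1, 0)
    return (header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

Data flowsets that arrive before their template are skipped, so a collector should keep one `templates` dictionary per exporter for as long as it listens.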

  • Remote Access VPN, no split tunneling, internet access. NAT translation problem

    Hi everyone, I'm new to the forum.  I have a Cisco ASA 5505 with a confusing (to me) NAT issue.
    Single external IP address (outside interface) with multiple static object NAT translations to allow port forwarding to various internal devices.  The configuration has been working without issues for the last couple years.
    I recently configured a remote access VPN without split tunneling and access to the internet and noticed yesterday that my port forwarding had stopped working.
    I reviewed the new NAT rules for the VPN and found the culprit. 
    I have been reviewing the rules over and over and from everything I can think of, and interpret, I'm not sure how this rule is affecting the port forwarding on the device or how to correct it.
    Here are the NAT rules I have in place: (The "inactive" rule is the culprit.  As soon as I enable this rule, the port forwarding hits a wall)
    nat (inside,outside) source static any any destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
    nat (outside,outside) source static VPN_Subnet VPN_Subnet destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
    nat (outside,outside) source dynamic VPN_Subnet interface inactive
    object network obj_any
    nat (inside,outside) dynamic interface
    object network XXX_HTTP
    nat (inside,outside) static interface service tcp www www
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
    Any help would be appreciated.

    Try by changing the nat rule to nat (outside,outside) after-auto source dynamic VPN_Subnet interface
    With Regards,
    Safwan

  • The KitKat upgrade has been a disaster. home wireless is no longer recognized, even going through the set-up process.  It does not connect to the car through Bluetooth seamlessly--I have to add my phone as a new device each time I get in the car.  In atte

    My home wireless is no longer recognized, even going through the set-up process.  It does not connect to the car through Bluetooth seamlessly--I have to add my phone as a new device each time I get in the car.  In attempting to solve these problems I have gone to settings-phone-upgrade and it states that the upgrade is available-select to continue-(which I do)- it checks -please wait and it then states that update not available - try later.

    Maybe not too late to help you.
    For specifically fixing the Bluetooth, un-pair your phone with the car, and go through the process of repairing the two.
    In general, the KK update requires many of us (different phones) to perform a Factory Data Reset after we back up our personal content (pictures, music, movies, or other downloaded files) to a PC or MAC. This will result in you having to do a bit of work to setup icons for the programs you use, and maybe putting in the specifics again for email accounts and other specialized apps. So if you are going to do this sort of thing... copy important information/settings down on paper.
    HTH.

  • Static NAT pass-through; can not get to work

    I am not having any luck getting a static NAT pass-through to work.
    BM3.8/NW6.5 all patched to the latest patches (no betas). IPFLT is NOT
    loaded.
    My internal network on one LAN all have 10.100.xxx.xxx private addresses.
    Dynamic NAT works great.
    I have secondary public IP addresses bound to my public NIC. Static NAT
    mapping between the secondary public IP addresses and the couple of
    individual private addresses work just fine. In other words, all has been
    working fine.
    I need to give one of those internal resources its public IP address
    (change its private to its public).
    OK, I went into the NAT table and changed the proper public <-> private to
    public <-> public (identical addresses). I changed the internal computer
    to its public address/mask with the same default gateway the server is
    using. The internal computer can now only ping itself; can't even ping
    its default gateway. I did reinitialize, and also restarted. I can not
    get the pass-through connection to work.
    Any thoughts will be well received.
    Bob

    Robert,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Clear Cenvat clearing GL item through F-03

    Hi..
    After MIGO while excise is captured through J1IEX then Cenvat clearing GL become credit. And during MIRO Cenvat Clearing GL become debit. And last week company closed last financial year and carry forwarded to current year. Now I want to clear Cenvat Clearing GL open item through F-03. But at present through F-03 Cenvat clearing GL not able to clear items.
    How I can clear items under Cenvat Clearing GL account through F-03 ?
    With Regards,
    Samrat

    Hi
    Try in F.13 to clear cenvat clearing GL.
    Regards
    Sandesh

  • Clearing Vendor Downpayment through F-54

    Hi all,
    While clearing through F-54 system throws error : No downpayment exist.  But I have checked in the Downpayment account, A/P account and Customer Line item and the entry exists. Customization for Downpayment made also correct.  All the fields are correctly entered in F-54.  Still the error comes.
    Please clarify.
    Regards,
    Sadashivan

    Hi Ravi,
    This transaction is not a downpayment request.  But one thing I have to mention.  For this downpayment the assignment of alternate reconciliation account was done on 17.3.09.
    The posting date and document date has been given as 13.03.2009 for the downpayment document.  Whereas when I check in the entry view > header details, the posting date is 18.03.2009 (may be it is
    showing the actual date of posting).  When the clearing is done through F-54 by giving
    date 31.03.2009, the system gives the error that no downpayment exist.   If we give
    the Inv.No. details and click for document display, the system shows the relevant document
    to be cleared.  When we click open process items tab, the error is shown. Kindly confirm
    whether the system is not updated with the assignment of alternate reconciliation account
    for downpayment when the document date and posting date has been given prior to that
    assignment and that is why the system is showing error.  Further, is it right to reverse that
    downpayment document and post a fresh document by giving date after 17.03.2009 and then
    clear the entry.
    Regards,
    Sadashivan
