NAT Logging on Cisco Routers

The ip nat log translations syslog command is used to perform NAT logging.

Every NAT translation created on the router is logged to syslog (which can be directed to the console, a syslog host or the internal buffer).

This command is useful for monitoring address translations on edge routers (for example, due to security policy or auditing requirements).

It is recommended to configure no logging console first in a production environment, to avoid the router hanging.

The logging record includes:

  • Layer-4 protocol.
  • Inside local and global addresses and port numbers.
  • Outside local and global addresses and port numbers.
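
The steps above as one IOS configuration, in the order the recommendation implies. This is an added example, not from the original post; the syslog host address, buffer size, timestamp format and the informational severity level are assumptions.

```cisco
! Added example: all addresses, sizes and levels below are constructed values.
configure terminal
 ! 1. Stop log output to the console BEFORE enabling NAT logging, so a
 !    burst of translation records cannot stall the router.
 no logging console
 ! 2. Timestamp each record so a translation can be tied to a time window
 !    during an audit (assumed format).
 service timestamps log datetime msec localtime show-timezone
 ! 3a. Destination: internal buffer (size in bytes; assumed severity level).
 logging buffered 65536 informational
 ! 3b. Destination: remote syslog host (192.0.2.10 is a documentation address).
 logging host 192.0.2.10
 logging trap informational
 ! 4. Log every NAT translation to syslog.
 ip nat log translations syslog
end
! Confirm that console logging is disabled and check the buffer and host settings.
show logging
```

The internal buffer is circular, so on a busy edge router older translation records are overwritten; the syslog host is the destination that retains history.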

 

Very Important Note: NAT logging could be interpreted as a privacy violation; legal support is recommended if you plan to use it in a production environment or if you plan to store NAT translation history.

