Our branch offices route all their traffic to our headquarters through an MPLS connection; all the traffic then goes through an ASA firewall to be inspected before being NATted to a public address and routed to the internet.
Both our branch sites and HQ use the same public address to reach the internet. We are about to deploy an application which can potentially create 8 new connections per internal user, and I'm worried that we will have more than 65535 connections and therefore run out of ports.
Is there any way I can see how many active connections I have that use this specific public address?
'Show connections count' won't give me the precise result, as we have tons of other sites being NATted to different public IPs, but I'm only interested in seeing the number of connections for this specific IP so I can find out whether I need to split them up across multiple public IP addresses.
Best Answer
You should use the
show xlate
set of commands; they give you all current translation information (NAT/PAT), while
show conn
just gives you the information of (real) source and (real) destination IPs.
Let's say you have a public IP address (11.22.33.44) which is used for NAT/PAT. Below are commands you can use to get what you want (please try other options and check the outputs):
show xlate global 11.22.33.44
show xlate | i 11.22.33.44
On the other hand, by using
show xlate local
you will get exact information and can verify which public IP address is being used as the NATted IP address for your local/internal private IP (let's say 192.168.100.80):
show xlate local 192.168.100.80
show xlate | i 192.168.100.80
Check the outputs of
show xlate | i 192.168.100.80
and
show conn | i 192.168.100.80
and you will get more ideas. I hope this is helpful and answers your question.
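Once you have captured the output of the command above into a file, a small script can count the PAT entries per public address and estimate how many more users fit before the port space of one address is exhausted. This is an added example, not code from the thread; the sample lines are constructed in the style of ASA `show xlate` output, and the function names (`count_pat`, `headroom`) are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ASA 'show xlate' output (not real data).
SAMPLE_XLATE = """\
4 in use, 4 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
TCP PAT from inside:192.168.100.80/50001 to outside:11.22.33.44/1024 flags ri idle 0:00:03 timeout 0:00:30
TCP PAT from inside:192.168.100.80/50002 to outside:11.22.33.44/1025 flags ri idle 0:00:03 timeout 0:00:30
UDP PAT from inside:192.168.100.81/60000 to outside:11.22.33.44/1026 flags ri idle 0:00:10 timeout 0:00:30
TCP PAT from inside:10.10.5.5/40000 to outside:11.22.33.45/1024 flags ri idle 0:00:01 timeout 0:00:30
"""

# One PAT entry: "<proto> PAT from <ifc>:<local>/<port> to <ifc>:<global>/<port> ..."
XLATE_RE = re.compile(
    r"^(?P<proto>TCP|UDP|ICMP) PAT from \S+:(?P<local>[\d.]+)/\d+ "
    r"to \S+:(?P<global>[\d.]+)/(?P<gport>\d+)"
)

# Upper bound on PAT ports per protocol on a single global address; the ASA
# reserves some low ports, so the real ceiling is slightly lower.
PORT_SPACE = 65535


def count_pat(xlate_text, global_ip):
    """Return ({proto: count}, {local hosts}) for PAT entries using global_ip."""
    per_proto = defaultdict(int)
    hosts = set()
    for line in xlate_text.splitlines():
        m = XLATE_RE.match(line)
        if not m or m.group("global") != global_ip:
            continue
        per_proto[m.group("proto")] += 1
        hosts.add(m.group("local"))
    return dict(per_proto), hosts


def headroom(xlate_text, global_ip, conns_per_user):
    """Estimate additional users that fit before the busiest protocol's
    port space on global_ip is exhausted (TCP and UDP have separate pools)."""
    per_proto, _hosts = count_pat(xlate_text, global_ip)
    busiest = max(per_proto.values(), default=0)
    return (PORT_SPACE - busiest) // conns_per_user


if __name__ == "__main__":
    counts, hosts = count_pat(SAMPLE_XLATE, "11.22.33.44")
    print(counts, len(hosts), "hosts, room for", headroom(SAMPLE_XLATE, "11.22.33.44", 8), "more users")
```

Replace `SAMPLE_XLATE` with the saved output of `show xlate | i 11.22.33.44`; because the regex ignores the header lines, the unfiltered `show xlate` output works too.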