ASA 5540 not logging NAT TRANSLATION errors

Hello,
What would couse a ASA 5540 to not log NAT TRANSLATION ERRORS??
dcawoodAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

harbor235Commented:
logging level is not appropriately set ? How do you have logging set up?

What translations errors are you getting and how have you verified that they are not being generated?

harbor235 ;}
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Istvan KalmarHead of IT Security Division Commented:

it is possible to prune syslog messages on config, for example:

no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020

please check it the config
0
dcawoodAuthor Commented:
Here is how logging is setup. I know at my previous job, I could look, on the syslog server, for the ino or warning.. cant remeber what the log was.. but I could see any NAT errors there. For these ASA's here, I am only getting an alert and critical.txt on the syslog server.

logging enable
logging timestamp
logging standby
logging buffer-size 1048576
logging asdm-buffer-size 512
logging console emergencies
logging monitor critical
logging buffered critical
logging trap critical
logging history emergencies
logging asdm debugging
logging mail emergencies
logging from-address ASA40A@xxxxx.com
logging recipient-address adminalerts@xxxxx.com level emergencies
logging device-id hostname
logging host inside 10.5.85.5
logging host inside txdal01002
logging permit-hostdown
logging class auth monitor debugging
logging class vpn monitor debugging
logging class vpnc monitor debugging
logging class vpnfo monitor debugging
logging class vpnlb monitor debugging
no logging message 302014
no logging message 304002
no logging message 304001
no logging message 302016
no logging message 302021
no logging message 302020
logging message 302014 level debugging
logging message 304002 level debugging
logging message 304001 level debugging
logging message 302016 level debugging
logging message 302021 level debugging
logging message 302020 level debugging
logging rate-limit 1500 1 level 0
logging rate-limit 10000 1 level 1
logging rate-limit 5000 1 level 2
logging rate-limit 1500 1 level 3
logging rate-limit 1500 1 level 4
logging rate-limit 750 1 level 5
logging rate-limit 1500 1 level 6
logging rate-limit 10000 1 level 7
0
Istvan KalmarHead of IT Security Division Commented:
Hi,

Please refer this page about syslog error message:

http://www.cisco.com/en/US/docs/security/asa/asa81/system/message/81logmsg.html#wp4770864

302016

Error Message    %ASA-6-302016: Teardown UDP connection number for
interface:real-address/real-port to interface:real-address/real-port duration
hh:mm:ss bytes bytes [(user)]

Explanation    A UDP connection slot between two hosts was deleted. The following list describes the message values:

•connection number is an unique identifier.

•interface, real_address, and real_port are the actual sockets.

•time is the lifetime of the connection.

•bytes is the data transfer of the connection.

•connection id is an unique identifier.

•interface, real-address, and real-port are the actual sockets.

•duration is the lifetime of the connection.

•bytes is the data transfer of the connection.

•user is the AAA name of the user.

Recommended Action    None required.
0
dcawoodAuthor Commented:
Thanks, the trap was set to critical for whatever reason. I set it to notificational and am getting the nat trans log now.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.