Netflow and Nat

shedo

i did few internet browsing on a PC in the network 192.168.2.0
when i check netflow i only see the ip 192.168.1.100

http://i41.tinypic.com/2e3tmqf.jpg


flow record test-record
match ipv4 source address
match ipv4 destination address
match transport tcp source-port
match transport tcp destination-port
collect counter bytes
collect counter packets

flow exporter exporter-teset
destination 192.168.2.3
transport udp 1234

flow monitor test-monitor
record test-record
sampler test-sampler
mode deterministic 1 out-of 2

interface FastEthernet0/0
ip address 192.168.1.100 255.255.255.0
ip flow monitor test-monitor sampler test-sampler input
ip nat outside

interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.0
ip nat inside

ip nat inside source list NAT_ADDRESS interface FastEthernet0/0 overload
!
ip access-list standard NAT_ADDRESS
permit 192.168.0.0 0.0.255.255

danielno8

shedo wrote: »

i did few internet browsing on a PC in the network 192.168.2.0
when i check netflow i only see the ip 192.168.1.100

http://i41.tinypic.com/2e3tmqf.jpg


flow record test-record
match ipv4 source address
match ipv4 destination address
match transport tcp source-port
match transport tcp destination-port
collect counter bytes
collect counter packets

flow exporter exporter-teset
destination 192.168.2.3
transport udp 1234

flow monitor test-monitor
record test-record
sampler test-sampler
mode deterministic 1 out-of 2

interface FastEthernet0/0
ip address 192.168.1.100 255.255.255.0
ip flow monitor test-monitor sampler test-sampler input
ip nat outside

interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.0
ip nat inside

ip nat inside source list NAT_ADDRESS interface FastEthernet0/0 overload
!
ip access-list standard NAT_ADDRESS
permit 192.168.0.0 0.0.255.255

you haven't configured the fa0/1 interface for flows, additionally, you have only configured fa0/0 to monitor the input traffic.

We usually use the interface sub-commands:

ip flow ingress
ip flow egress

I haven't seen it configured like that before, but i'd try configuring it on the other interface to see the other intyerfaces traffic. At the minute you are just getting the server's reply traffic.