Netflow and Nat
i did few internet browsing on a PC in the network 192.168.2.0
when i check netflow i only see the ip 192.168.1.100
http://i41.tinypic.com/2e3tmqf.jpg
flow record test-record
match ipv4 source address
match ipv4 destination address
match transport tcp source-port
match transport tcp destination-port
collect counter bytes
collect counter packets
flow exporter exporter-teset
destination 192.168.2.3
transport udp 1234
flow monitor test-monitor
record test-record
sampler test-sampler
mode deterministic 1 out-of 2
interface FastEthernet0/0
ip address 192.168.1.100 255.255.255.0
ip flow monitor test-monitor sampler test-sampler input
ip nat outside
interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.0
ip nat inside
ip nat inside source list NAT_ADDRESS interface FastEthernet0/0 overload
!
ip access-list standard NAT_ADDRESS
permit 192.168.0.0 0.0.255.255
when i check netflow i only see the ip 192.168.1.100
http://i41.tinypic.com/2e3tmqf.jpg
flow record test-record
match ipv4 source address
match ipv4 destination address
match transport tcp source-port
match transport tcp destination-port
collect counter bytes
collect counter packets
flow exporter exporter-teset
destination 192.168.2.3
transport udp 1234
flow monitor test-monitor
record test-record
sampler test-sampler
mode deterministic 1 out-of 2
interface FastEthernet0/0
ip address 192.168.1.100 255.255.255.0
ip flow monitor test-monitor sampler test-sampler input
ip nat outside
interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.0
ip nat inside
ip nat inside source list NAT_ADDRESS interface FastEthernet0/0 overload
!
ip access-list standard NAT_ADDRESS
permit 192.168.0.0 0.0.255.255
Comments
-
danielno8
Member Posts: 34 ■■□□□□□□□□
i did few internet browsing on a PC in the network 192.168.2.0
when i check netflow i only see the ip 192.168.1.100
http://i41.tinypic.com/2e3tmqf.jpg
flow record test-record
match ipv4 source address
match ipv4 destination address
match transport tcp source-port
match transport tcp destination-port
collect counter bytes
collect counter packets
flow exporter exporter-teset
destination 192.168.2.3
transport udp 1234
flow monitor test-monitor
record test-record
sampler test-sampler
mode deterministic 1 out-of 2
interface FastEthernet0/0
ip address 192.168.1.100 255.255.255.0
ip flow monitor test-monitor sampler test-sampler input
ip nat outside
interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.0
ip nat inside
ip nat inside source list NAT_ADDRESS interface FastEthernet0/0 overload
!
ip access-list standard NAT_ADDRESS
permit 192.168.0.0 0.0.255.255
you haven't configured the fa0/1 interface for flows, additionally, you have only configured fa0/0 to monitor the input traffic.
We usually use the interface sub-commands:
ip flow ingress
ip flow egress
I haven't seen it configured like that before, but i'd try configuring it on the other interface to see the other intyerfaces traffic. At the minute you are just getting the server's reply traffic. -
shedo
Registered Users Posts: 7 ■□□□□□□□□□
hmm yes i did miss the part of why not configure 0/1 instead of 0/0.
am guessing you havent seen it configure like that
beacuase its flexible netflow not normal
thanks