Netflow and Nat

shedoshedo Registered Users Posts: 7 ■□□□□□□□□□
i did few internet browsing on a PC in the network 192.168.2.0
when i check netflow i only see the ip 192.168.1.100

http://i41.tinypic.com/2e3tmqf.jpg


flow record test-record
match ipv4 source address
match ipv4 destination address
match transport tcp source-port
match transport tcp destination-port
collect counter bytes
collect counter packets

flow exporter exporter-teset
destination 192.168.2.3
transport udp 1234

flow monitor test-monitor
record test-record
sampler test-sampler
mode deterministic 1 out-of 2

interface FastEthernet0/0
ip address 192.168.1.100 255.255.255.0
ip flow monitor test-monitor sampler test-sampler input
ip nat outside

interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.0
ip nat inside

ip nat inside source list NAT_ADDRESS interface FastEthernet0/0 overload
!
ip access-list standard NAT_ADDRESS
permit 192.168.0.0 0.0.255.255

Comments

  • danielno8danielno8 Member Posts: 34 ■■□□□□□□□□
    shedo wrote: »
    i did few internet browsing on a PC in the network 192.168.2.0
    when i check netflow i only see the ip 192.168.1.100

    http://i41.tinypic.com/2e3tmqf.jpg


    flow record test-record
    match ipv4 source address
    match ipv4 destination address
    match transport tcp source-port
    match transport tcp destination-port
    collect counter bytes
    collect counter packets

    flow exporter exporter-teset
    destination 192.168.2.3
    transport udp 1234

    flow monitor test-monitor
    record test-record
    sampler test-sampler
    mode deterministic 1 out-of 2

    interface FastEthernet0/0
    ip address 192.168.1.100 255.255.255.0
    ip flow monitor test-monitor sampler test-sampler input
    ip nat outside

    interface FastEthernet0/1
    ip address 192.168.2.2 255.255.255.0
    ip nat inside

    ip nat inside source list NAT_ADDRESS interface FastEthernet0/0 overload
    !
    ip access-list standard NAT_ADDRESS
    permit 192.168.0.0 0.0.255.255

    you haven't configured the fa0/1 interface for flows, additionally, you have only configured fa0/0 to monitor the input traffic.

    We usually use the interface sub-commands:

    ip flow ingress
    ip flow egress

    I haven't seen it configured like that before, but i'd try configuring it on the other interface to see the other intyerfaces traffic. At the minute you are just getting the server's reply traffic.
  • shedoshedo Registered Users Posts: 7 ■□□□□□□□□□
    hmm yes i did miss the part of why not configure 0/1 instead of 0/0.
    am guessing you havent seen it configure like that
    beacuase its flexible netflow not normal
    thanks :)
Sign In or Register to comment.