[flow-tools] reports considerations with NAT
Systems Administrator
sysadmin@sunet.com.au
Wed, 8 Jan 2003 16:27:25 +1100
Not quite as easy as you make it sound. I've just spent 2 weeks banging
my head against this, and I think I've finally got it licked, but not sure
yet.

Anyway, NAT happens before Netflow, so it will only record the global
addresses. What I did to get around this was this:

Netflow on ATM1/0.2
NAT inside on Loopback0
NAT outside on other interfaces

route-map nat-loop permit 10
 match ip address 152
 set interface Loopback0

And on ATM1/0.2:

 ip policy route-map nat-loop

Anyway, it seems to be doing the NAT correctly and recording some flow
info. But we'll see how it continues.

:)

Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: sysadmin@sunet.com.au
----- Original Message -----
From: "Horatio B. Bogbindero" <wyu@ateneo.edu>
To: "ctc" <corban@wirednation.com>
Cc: "flow tools list" <flow-tools@splintered.net>
Sent: Wednesday, January 08, 2003 11:16 AM
Subject: Re: [flow-tools] reports considerations with NAT
> ctc <corban@wirednation.com>:
>
> > Is there anything I need to be wary of if I decide to run NAT on the same
> > router I'm collecting flows on? I'm running a cisco 2651. IOS
> > 12.0(something).
> > I want to generate reports with the pre-nat address.
> > Anyone have experience with this?
> >
> just make sure you use either the filter option of flow-report/flow-nfilter or
> flow-filter to filter the interfaces you would like to listen to. that would
> mean filtering out the interface with NAT attached.
>
>
> -----------------------------------------------
> William Emmanuel S. Yu
> Ateneo Campus Network Group (AteneoCNG)
> email : wyu at ateneo dot edu
> web : http://CNG.ateneo.net/cng/wyu/
> phone : +63(2)4266001-4186
> GPG : http://CNG.ateneo.net/cng/wyu/wyy.pgp
>
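
One way to check which input interfaces still yield flow records with pre-NAT source addresses, as an added example that is not part of the original thread. It assumes the inside hosts use RFC 1918 addresses and that the flows have been exported to CSV with `srcaddr` and `input` columns; the sample rows and ifIndex values are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: inside (pre-NAT) hosts are numbered from RFC 1918 space.
# ipaddress.is_private is not used because it also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, not real traffic. Column names are assumed to match
# the header line of your ASCII flow export; ifIndex 5 and 3 are hypothetical.
SAMPLE = """srcaddr,dstaddr,input,output,doctets
192.168.1.10,198.51.100.7,5,1,1200
192.168.1.11,198.51.100.9,5,1,640
198.51.100.7,203.0.113.2,3,5,5400
198.51.100.9,203.0.113.2,3,5,900
"""


def is_inside_local(addr):
    """True if addr is an RFC 1918 address, i.e. not yet translated."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def summarize(csv_text):
    """Return {input ifIndex: {"private": n, "global": n}} keyed on source address."""
    counts = defaultdict(lambda: {"private": 0, "global": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = "private" if is_inside_local(row["srcaddr"]) else "global"
        counts[int(row["input"])][kind] += 1
    return dict(counts)


def interfaces_with_pre_nat(csv_text):
    """Input interfaces whose flows still show untranslated source addresses."""
    return sorted(i for i, c in summarize(csv_text).items() if c["private"])


if __name__ == "__main__":
    for ifindex, c in sorted(summarize(SAMPLE).items()):
        print(f"ifIndex {ifindex}: {c['private']} private-source flows, "
              f"{c['global']} global-source flows")
    print("pre-NAT addresses visible on input ifIndex:",
          interfaces_with_pre_nat(SAMPLE))
```

An interface that reports only global-source flows for traffic known to originate inside is exporting post-NAT records, so per-host reports built from it cannot be tied back to internal machines.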