NetFlow NAT traffic

Answered Question
Oct 4th, 2007

Hi,

The NetFlow report is not listing any information regarding the NATted internal IP. It is only listing the public IP address where it is NAT overloaded. Is it a limitation with IOS?

Which IOS should I use to see NetFlow from NAT traffic?

Correct Answer
ebreniz Wed, 10/10/2007 - 06:04

The way that NetFlow is implemented, the flow lookup and creation (NetFlow) stage is performed prior to the feature lookup (NAT) stage on the incoming traffic. Therefore, the NetFlow record will be created prior to NAT and you'll get the external addresses in your flow record. As a workaround, you could possibly try enabling NetFlow on the LAN interface(s) and collect the traffic that's being sent out, thereby creating flow records with internal NAT addresses.

Check this out. http://www.netup.biz/articles.php?n=10

paitken Tue, 11/27/2007 - 06:29

Ingress netflow monitors traffic as it arrives at the interface before any features are run. So it shows the public addresses, because that's what's on the wire.

Egress netflow monitors traffic as it leaves the box, after all the features have been run. This will show the NATted addresses, because that's what's being sent out on the wire.

Configure "ip flow egress" on your interface(s).
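
Added example, not part of either reply above and not the posters' or Cisco's own configuration: an IOS sketch that puts the two suggestions together on a NAT overload router so that flow records in both directions carry the inside address. Interface names, the ACL number, all addresses and the collector port are assumptions chosen for illustration.

```cisco
! Constructed addresses: inside host 10.0.0.5, NAT overload address 203.0.113.1,
! remote server 198.51.100.7, collector 192.0.2.10 (all placeholders).
!
access-list 1 permit 10.0.0.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/1 overload
!
interface FastEthernet0/1
 description WAN (NAT outside)
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ! Ingress accounting here runs before NAT, so return traffic is recorded
 ! as 198.51.100.7 -> 203.0.113.1 and the inside host is never visible.
 ! That is the report described in the question. It is left off here so
 ! the same return packets are not also recorded on the LAN side.
 no ip flow ingress
!
interface FastEthernet0/0
 description LAN (NAT inside)
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ! Outbound traffic arrives untranslated: 10.0.0.5 -> 198.51.100.7
 ip flow ingress
 ! Return traffic leaves after NAT has restored the inside address:
 ! 198.51.100.7 -> 10.0.0.5
 ip flow egress
!
! Export settings (collector address and UDP port are placeholders)
ip flow-export version 9
ip flow-export destination 192.0.2.10 2055
```

Running `show ip cache flow` on the router lists the cached flows, which confirms that inside addresses appear before the collector is checked.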
