Solved: Netflow Nat traffic

prasad.gsmc · ‎10-04-2007

Hi,

Netflow report is not listing any information regarding the NATTED internal IP. It is only listing The public IP address where it is nat overloaded. Is it a limitation with IOS?

which IOS i should use to see netflow from nat traffic

ebreniz · ‎10-10-2007

The way that NetFlow is implemented, the flow lookup and creation (NetFlow) stage is performed prior to the feature lookup (NAT) stage on the incoming traffic. Therefore, the NetFlow record will be created prior to NAT and you'll get the external addresses in your flow record. As a workaround, you could possibly try enabling NetFlow on the LAN interface(s) and collect the traffic that's being sent out, there by creating flow records with internal NAT addresses.

Check this out. http://www.netup.biz/articles.php?n=10

View solution in original post

ebreniz · ‎10-10-2007

The way that NetFlow is implemented, the flow lookup and creation (NetFlow) stage is performed prior to the feature lookup (NAT) stage on the incoming traffic. Therefore, the NetFlow record will be created prior to NAT and you'll get the external addresses in your flow record. As a workaround, you could possibly try enabling NetFlow on the LAN interface(s) and collect the traffic that's being sent out, there by creating flow records with internal NAT addresses.

Check this out. http://www.netup.biz/articles.php?n=10

prasad.gsmc · ‎10-10-2007

Thanks,

your reply helped a lot and the link was worth many.....

paitken · ‎11-27-2007

Ingress netflow monitors traffic as it arrives at the interface before any features are run. So it shows the public addresses, because that's what's on the wire.

Egress netflow monitors traffic as it leaves the box, after all the features have been run. This will show the NATted addresses, because that's what's being sent out on the wire.

Configure "ip flow egress" on your interface(s).