Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
365
Views
0
Helpful
7
Replies

Routing help with Cisco 2600

whiteford
Level 1
Level 1

‎01-07-2008 01:45 AM - edited ‎03-03-2019 08:08 PM

Hi, I am wondering if this is possible. Our ISP's router is a Cisco 2600 and I am asking them to add the Netflow commands to it so we can see who is doing what on our router when it gets busy. However our Netflow server is on our Internal network. This 2600 connects to our Cisco 2950 switch and into a VLAN where the "outside" port of our Cisco Pix sits. The 2600's IP is the first IP of our Public IP scope for example, 1.2.3.4 and the "outside" port of the Cisco Pix is the 2nd of the scope 1.2.3.5. Now if I tell my ISP that the Netflow server is on 192.168.25.25 what will need to be added to the Cisco 2600? I can't figure out how I can get this Netflow traffic from this 2600 to my LAN server.

Here is part of the 2600's config:

interface FastEthernet0/0

description Remote ISP Ethernet Interface

ip address 8.7.6.5 255.255.255.252

ip access-group 102 in

no ip proxy-arp

speed 100

full-duplex

!

interface FastEthernet0/1

description Local Corp Ethernet Interface

ip address 1.2.3.4 255.255.255.224

speed auto

full-duplex

!

ip classless

ip route 0.0.0.0 0.0.0.0 8.7.6.4

Many thanks in advance

Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎01-07-2008 01:53 AM

Hi

Do you have any spare public IP addresses ?.

If so supply this address to your ISP and then do a static translation on your pix eg.

static (inside,outside) 1.2.3.6 192.168.25.25

If you can't do this then you will need a route on the 2600

ip route 192.168.25.25 255.255.255.255 1.2.3.5

HTH

Jon

0 Helpful

whiteford
Level 1
Level 1
In response to Jon Marshall

‎01-07-2008 02:58 AM

Thanks, my ISP will add the ip route 192.168.25.25 255.255.255.255 1.2.3.5 and the various Netflow commands. Will I have to do something special on the Pix like enable 1.2.3.4 on port 9996 (netflow) to 192.168.25.25?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to whiteford

‎01-07-2008 04:49 AM

Andy

Yes I would expect that you would need to configure the PIX to permit the traffic from an outside source to an inside destination on the particular port. By default the PIX does not allow outside sources to initiate traffic to inside destinations so you will need configuration to permit this.

HTH

Rick

HTH

Rick
0 Helpful

whiteford
Level 1
Level 1
In response to Richard Burts

‎01-07-2008 05:40 AM

When I add the rule on the Pix rule:

Allow "routers ip" to "servers IP" on port 9996 (Netflow), the Pix firewall says "No NAT rule is configured for destination host "server IP" on the inside interface from the outside interface. Please configure a Static NAT or NAT Exemption rule for this host"

Shall I just let the Pix create the static translation rule?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to whiteford

‎01-07-2008 05:43 AM

Andy

I would think that having the PIX create the static translation would be good.

HTH

Rick

HTH

Rick
0 Helpful

adam.sellhorn
Level 4
Level 4
In response to whiteford

‎01-07-2008 10:08 AM

You will need something like:

static (inside,outside) 1.2.3.6 192.168.25.25 netmask 255.255.255.255

Make sure you allow port 9996 through your outside acl to 1.2.3.6.

Set netflow on router to deliver data to 1.2.3.6

0 Helpful

dphills18
Level 1
Level 1
In response to adam.sellhorn

‎02-15-2008 02:16 PM

did this actually work, because i am having the exact same issue. craziest thing.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card