I have a multilink connected to our ISP that I want to monitor, but it sits outside of our PIX. How can I make this work? I searched this site but didn't find anything that applies to me. I attached a Visio of our network.
I'm sure I'll need a static NAT and an ACL.
Thanks in advance - Jerry.
1- Are you routing or NAT through the firewall?
2- If you're routing through the firewall, does the router have a static route so that it knows how to get back to the netflow server?
3- If you're natting, are you natting everything behind the firewall to 22.214.171.124? In other words:
nat (inside) 1 172.16.1.0 255.255.255.0
global (outside) 1 interface
4- If item #3 is true, what udp port is the netflow running on the netflow server? I know that freeware ipflow default is 20000, what do you use?
5- Do this:
static (inside,outside) udp interface 20000 172.16.1.15 20000 netmask 255.255.255.255 (check the syntax).
access-list External permit icmp any any log
access-list External permit ip any any log (test)
access-group External in interface outside
Now configure netflow on the router to point to 126.96.36.199 and you will be good to go.
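
A scoped version of the test configuration in the reply above, as an added example that is not part of the original thread: once the export is confirmed working, the `permit ip any any` test entry is removed and only the router's NetFlow export (UDP, as question 4 notes) is allowed in. It assumes PIX 6.3-style syntax; `ROUTER_IP` is a placeholder for the router's address on the outside segment, which the thread does not give, while port 20000 and 172.16.1.15 are the values used in the reply.

```cisco
: Added example, not from the original reply.
: ROUTER_IP = placeholder for the router's outside-segment address (assumption).
: Port 20000 and collector 172.16.1.15 are the values used in the reply.

: Port redirection: UDP 20000 arriving on the outside interface address
: is forwarded to the NetFlow collector on the inside.
static (inside,outside) udp interface 20000 172.16.1.15 20000 netmask 255.255.255.255

: Remove the wide-open test entry once flows are seen on the collector.
no access-list External permit ip any any log

: Allow only the router's NetFlow export to the redirected port.
access-list External permit udp host ROUTER_IP interface outside eq 20000 log
access-group External in interface outside
```

`show access-list External` displays per-entry hit counts, so the new entry's counter should rise while the router is exporting.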