Migration from NAT+Loopback to "NAT+ip flow ingress/egress"

Unanswered Question
Jul 11th, 2008

I have NAT users with traffic collection for them. I am using a mechanism with route-map + loopback. I want to migrate to "ip flow ingress/egress".

Here is my config:

!
ip cef
interface Loopback1
 description Netflow
 ip address 172.19.3.1 255.255.255.0
 ip route-cache flow
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache policy
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
!
interface FastEthernet0/0.217
 description TO ISP 1
 encapsulation dot1Q 217
 ip address 217.xxx.xxx.xxx 255.255.255.248
 ip access-group 111 in
 ip access-group 107 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip policy route-map MAP
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
!
interface FastEthernet0/0.299
 description TO ISP 2
 encapsulation dot1Q 299
 ip address 195.xxx.xxx.xxx 255.255.255.252
 ip access-group 111 in
 ip access-group 107 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip policy route-map MAP
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
!
!
interface FastEthernet0/0.1143
 description TO CATALYST 1
 encapsulation dot1Q 1143
 ip address 10.3.0.1 255.255.255.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache policy
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1.1144
 description TO CATALYST 2
 encapsulation dot1Q 1144
 ip address 10.2.0.2 255.255.255.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
ip nat pool global 82.xxx.xxx.xxx 82.xxx.xxx.xxx netmask 255.255.255.252
ip nat inside source list 100 pool global overload
access-list 101 permit ip any 192.168.0.0 0.0.255.255
access-list 101 permit ip any 172.20.0.0 0.0.255.255
route-map MAP permit 10
 match ip address 101
 set interface Loopback1

Here is the config as I think it should look:

ip cef
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.217
 description TO ISP 1
 encapsulation dot1Q 217
 ip address 217.xxx.xxx.xxx 255.255.255.248
 ip access-group 111 in
 ip access-group 107 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
!
interface FastEthernet0/0.299
 description TO ISP 2
 encapsulation dot1Q 299
 ip address 195.xxx.xxx.xxx 255.255.255.252
 ip access-group 111 in
 ip access-group 107 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
!
interface FastEthernet0/0.1143
 description TO CATALYST 1
 encapsulation dot1Q 1143
 ip address 10.3.0.1 255.255.255.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1.1144
 description TO CATALYST 2
 encapsulation dot1Q 1144
 ip address 10.2.0.2 255.255.255.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly max-reassemblies 64
 no cdp enable
ip nat pool global 82.xxx.xxx.xxx 82.xxx.xxx.xxx netmask 255.255.255.252
ip nat inside source list 100 pool global overload

If it's wrong, can somebody help with correcting the config?

a.alekseev Fri, 07/11/2008 - 05:01

You will have twice as much statistics for traffic between interfaces FastEthernet0/1.1144 and FastEthernet0/0.1143.

If you don't care about it, then your config is correct.

[Pls RATE if HELPS]

seducer666 Sun, 07/13/2008 - 02:59

What do you mean by "twice as much statistic for traffic"?

Users connect to each other over a local link; the question is only about Internet traffic (users<->NAT<->Internet).

Here is my scheme:

    ISP1            ISP2
----------7204-G2---------
F0/0.1143        F0/1.1144
Catalyst1---Local---Catalyst2
(nat users)    (nat users)

Thanks for help

a.alekseev Sun, 07/13/2008 - 09:22

I just want to say that you will have double statistics for traffic between F0/0.1143 and F0/1.1144.

All other statistics (for Internet traffic) will be correct.
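
The double counting described in the replies can be reproduced with a small model of the proposed config. This is an added example, not part of the original thread: the interface names come from the posts, while the traffic, the byte counts and the collector-side `dedupe` filter are constructed assumptions.

```python
# Added illustration: models where the proposed config exports flow records.
# Interface names are from the thread; traffic and byte counts are constructed.
MONITORED = {
    "F0/0.1143": {"ingress", "egress"},  # "ip flow ingress" + "ip flow egress"
    "F0/1.1144": {"ingress", "egress"},  # "ip flow ingress" + "ip flow egress"
    "F0/0.217": set(),                   # ISP 1, no flow capture configured
    "F0/0.299": set(),                   # ISP 2, no flow capture configured
}

def records_for(pkt):
    """Return the flow records exported for one packet forwarded by the router."""
    recs = []
    if "ingress" in MONITORED[pkt["in_if"]]:
        recs.append({**pkt, "direction": "ingress"})
    if "egress" in MONITORED[pkt["out_if"]]:
        recs.append({**pkt, "direction": "egress"})
    return recs

def accounted_bytes(packets, dedupe=False):
    """Sum exported bytes per (input interface, output interface) path.

    dedupe=True is a hypothetical collector-side filter: an egress record is
    dropped when the packet's input interface also captures ingress, because
    that packet has already been counted once.
    """
    totals = {}
    for pkt in packets:
        for rec in records_for(pkt):
            if (dedupe and rec["direction"] == "egress"
                    and "ingress" in MONITORED[rec["in_if"]]):
                continue
            key = (rec["in_if"], rec["out_if"])
            totals[key] = totals.get(key, 0) + rec["bytes"]
    return totals

# Constructed sample traffic
SAMPLE = [
    {"in_if": "F0/0.1143", "out_if": "F0/0.217", "bytes": 1000},   # user -> Internet
    {"in_if": "F0/0.217", "out_if": "F0/0.1143", "bytes": 5000},   # Internet -> user
    {"in_if": "F0/0.1143", "out_if": "F0/1.1144", "bytes": 700},   # LAN -> LAN via router
]

if __name__ == "__main__":
    for path, total in accounted_bytes(SAMPLE).items():
        print(path, total)
```

Only the path between the two inside subinterfaces is reported at twice its real volume; both Internet directions are counted once.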
