Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Netflow Nat traffic

Hi,

Netflow report is not listing any information regarding the NATTED internal IP. It is only listing The public IP address where it is nat overloaded. Is it a limitation with IOS?

which IOS i should use to see netflow from nat traffic

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Netflow Nat traffic

The way that NetFlow is implemented, the flow lookup and creation (NetFlow) stage is performed prior to the feature lookup (NAT) stage on the incoming traffic. Therefore, the NetFlow record will be created prior to NAT and you'll get the external addresses in your flow record. As a workaround, you could possibly try enabling NetFlow on the LAN interface(s) and collect the traffic that's being sent out, there by creating flow records with internal NAT addresses.

Check this out. http://www.netup.biz/articles.php?n=10

3 REPLIES
Silver

Re: Netflow Nat traffic

The way that NetFlow is implemented, the flow lookup and creation (NetFlow) stage is performed prior to the feature lookup (NAT) stage on the incoming traffic. Therefore, the NetFlow record will be created prior to NAT and you'll get the external addresses in your flow record. As a workaround, you could possibly try enabling NetFlow on the LAN interface(s) and collect the traffic that's being sent out, there by creating flow records with internal NAT addresses.

Check this out. http://www.netup.biz/articles.php?n=10

New Member

Re: Netflow Nat traffic

Thanks,

your reply helped a lot and the link was worth many.....

New Member

Re: Netflow Nat traffic

Ingress netflow monitors traffic as it arrives at the interface before any features are run. So it shows the public addresses, because that's what's on the wire.

Egress netflow monitors traffic as it leaves the box, after all the features have been run. This will show the NATted addresses, because that's what's being sent out on the wire.

Configure "ip flow egress" on your interface(s).

436
Views
0
Helpful
3
Replies
CreatePlease login to create content