Re: The problem: NetFlow is missing info in case of NAT

mrjackdaniel · ‎08-22-2006

Hello dear colleagues!

I have the following problem.

I use NAT. And all traffic going from the outside to a local IP-address (e.g. Internet) generates NetFlow packets missing info on the local IP-address. Instead of this they contain external IP-address of the router. And if I need to calculate Internet traffic relatively to local IP-adresses this makes a problem.

Does anyone know how to solve it?

vijayasankar · ‎08-22-2006

Hi,

Where have you applied the netflow? on which router? which interface ?

Can you provide more information on this.

If i assume that you have 2 interface in your router one connected to the External network and one connected to your internal network, then enabling netflow on the internal interface will get what you want.

-VJ

mrjackdaniel · ‎08-22-2006

Cisco 3620. Data coming from the outside is being captured at the external router interface - that's the way NetFlow system is organized.

vijayasankar · ‎08-22-2006

Hi,

If you could provide some more details on your setup, it would be nice.

You have mentioned that netflow is enabled on cisco 3620 routers external interface.

Try enabling netflow on the inside interface (probably the ethernet interface) on this router, which sees the De'Nated traffic.

All you have to do it enabled ip netflow switching on the inside interface in this router. then the flow from this interface will also go to your netflow server, from where you can see the statistics..

HTH

-VJ

jmcsinger · ‎08-22-2006

Here is an article concerning this little problem:

http://www.netup.biz/articles.php?n=10