Cisco Support Community
Community Member

Routing help with Cisco 2600

Hi, I am wondering if this is possible. Our ISP's router is a Cisco 2600 and I am asking them to add the Netflow commands to it so we can see who is doing what on our router when it gets busy. However, our Netflow server is on our internal network. This 2600 connects to our Cisco 2950 switch and into a VLAN where the "outside" port of our Cisco Pix sits. The 2600's IP is the first IP of our public IP scope, for example 1.2.3.4, and the "outside" port of the Cisco Pix is the 2nd of the scope, 1.2.3.5. Now, if I tell my ISP that the Netflow server is on 192.168.25.25, what will need to be added to the Cisco 2600? I can't figure out how I can get this Netflow traffic from this 2600 to my LAN server.

Here is part of the 2600's config:

interface FastEthernet0/0
 description Remote ISP Ethernet Interface
 ip address 8.7.6.5 255.255.255.252
 ip access-group 102 in
 no ip proxy-arp
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Local Corp Ethernet Interface
 ip address 1.2.3.4 255.255.255.224
 speed auto
 full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 8.7.6.4

Many thanks in advance

7 REPLIES
Hall of Fame Super Blue

Re: Routing help with Cisco 2600

Hi

Do you have any spare public IP addresses?

If so, supply this address to your ISP and then do a static translation on your PIX, e.g.

static (inside,outside) 1.2.3.6 192.168.25.25

If you can't do this, then you will need a route on the 2600:

ip route 192.168.25.25 255.255.255.255 1.2.3.5

HTH

Jon

Community Member

Re: Routing help with Cisco 2600

Thanks, my ISP will add the ip route 192.168.25.25 255.255.255.255 1.2.3.5 and the various Netflow commands. Will I have to do something special on the Pix like enable 1.2.3.4 on port 9996 (netflow) to 192.168.25.25?

Hall of Fame Super Gold

Re: Routing help with Cisco 2600

Andy

Yes, I would expect that you would need to configure the PIX to permit the traffic from an outside source to an inside destination on the particular port. By default the PIX does not allow outside sources to initiate traffic to inside destinations, so you will need configuration to permit this.

HTH

Rick

Community Member

Re: Routing help with Cisco 2600

When I add the rule on the Pix:

Allow "routers ip" to "servers IP" on port 9996 (Netflow), the Pix firewall says "No NAT rule is configured for destination host "server IP" on the inside interface from the outside interface. Please configure a Static NAT or NAT Exemption rule for this host"

Shall I just let the Pix create the static translation rule?

Hall of Fame Super Gold

Re: Routing help with Cisco 2600

Andy

I would think that having the PIX create the static translation would be good.

HTH

Rick

Community Member

Re: Routing help with Cisco 2600

You will need something like:

static (inside,outside) 1.2.3.6 192.168.25.25 netmask 255.255.255.255

Make sure you allow port 9996 through your outside acl to 1.2.3.6.

Set netflow on router to deliver data to 1.2.3.6.
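The three steps from the reply above combined into one configuration, as an added example that is not from any poster in this thread. Assumptions not stated in the thread: the ACL name `outside_in`, PIX 6.x syntax, NetFlow version 5, and flow accounting enabled on both router interfaces; the addresses are the thread's own example values.

```cisco
! ---- PIX (assumed 6.x syntax) ----
! Publish the collector on the spare public address from the thread.
static (inside,outside) 1.2.3.6 192.168.25.25 netmask 255.255.255.255
!
! NetFlow export is unauthenticated UDP, so permit it only from the
! router's address (1.2.3.4) rather than from "any".
! "outside_in" is an assumed ACL name. If an ACL is already bound to the
! outside interface, add the permit line to that ACL instead, because
! only one inbound ACL can be applied per interface.
access-list outside_in permit udp host 1.2.3.4 host 1.2.3.6 eq 9996
access-group outside_in in interface outside

! ---- Cisco 2600 (ISP side) ----
! Enable flow accounting on the interfaces of interest (assumption: both).
interface FastEthernet0/0
 ip route-cache flow
!
interface FastEthernet0/1
 ip route-cache flow
!
! Source the export from FastEthernet0/1 so packets arrive from 1.2.3.4,
! matching the PIX ACL above. Version 5 is an assumption; use the version
! the collector expects.
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 1.2.3.6 9996
```

After applying it, `show ip flow export` on the router shows whether datagrams are being sent, and `show access-list outside_in` on the PIX shows whether the permit line is being hit.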

Community Member

Re: Routing help with Cisco 2600

Did this actually work? Because I am having the exact same issue. Craziest thing.
