Hello everybody,
I'm having a problem exporting flows from a cisco 1760 router with two physical interfaces. The interfaces are a Serial0/0 with nat enabled, plus a FastEthernet interface, off which is hanging multiple vlans.
I have added an 'ip route-cache flow' directive to the primary FastEthernet0/0 interface and what i'm finding is that I'm getting flows exported for traffic between subinterfaces (which is fine), as well as from subinterfaces onto the internet (also fine).
to clarify, i'm getting this :
srcIP dstIP prot srcPort dstPort octets packets 192.168.1.2 123.321.2.3 6 1188 80 2288 6
What i'm not getting, and desperately need, is traffic information from the internet back to a private host, eg :
123.321.2.3 192.168.1.2 6 80 1188 4209254 10500
Setting up an 'ip route-cache flow' on the NAT'ted Serial0/0 interface only gives me flows against the public interface, which is less than helpful - it doesn't tell me anything about the LAN hosts responsible for the flow.
I'm pretty sure it has something to do with the netflow version configured on the router. Documentation for Netflow v9 suggests NAT is supported, however flow-tools doesn't seem to presently support this netflow version. Is this correct? I saw a post from 2002 which would suggest this support wasn't far away...
Could this be a configuration problem or a versioning problem? If its a versioning issue - how can I fix it? I desperately need to figure out download statistics. Anybody else had any experience with netflow and nat gateways?
any help very much appreciated.
thanks :)
Michael Pearson. _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
