Hi List As a relative newbie to netflow can someone confirm for me whether or not netflow records from a single interface of a cisco router contain information about packets in BOTH directions or only one?
I am attempting to replace a linux box acting as a router running pmacctd with a cisco router running netflow sending records to nfacctd. The tricky bit is that I am running NAT on the external interface of the router with a private IP block behind it and I need to see data on inbound AND outbound traffic. With pmacctd on a linux box I can see data in both directions on the internal interface(s) but I don't appear to be getting it with the cisco. If in enable "ip route-cache flow" on the external interface I see all the flows related to the external NAT IP which is useless as I need to match it to the hosts behind. I have also tried to setup a looback interface, with netflow enabled on it, and route all traffic via it, but I dont seem to be receiving any flow records from it. Can anyone help? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpbVQylhZUAt.pgp
Description: PGP signature
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
