From: dampened (cheechew@hotmail.com)
Date: Wed Apr 04 2007 - 22:33:48 ART
Yes, you apply ip accounting on the outgoing interface, you are accounting
the NATed traffic and you can limit by prefix but not to tcp/udp port level.
Is there any way that we can do accounting for the pre NAT (before NAT)
traffic?
For example inside source 150.1.1.1 is NATed to 167.1.1.1. When host telnet
to 167.1.1.1 it will be translated to 150.1.1.1. How can I do ip accounting
on 167.1.1.1 (not 150.1.1.1)?
-----Original Message-----
From: Ivan [mailto:ivan@iip.net]
Sent: Wednesday, April 04, 2007 3:04 AM
To: ccielab@groupstudy.com; Erin Brown (erbrown)
Subject: Re: IP accounting Question
IP accountig affect only to the outgoing traffic. If you want to account
all NAT-ed traffic you must switch on ip accounting on the ip nat
outside interface. And filter all other traffic.
(ip accounting access-list NAT_IP 0.0.0.0) - In this command you must
use wildcard. Although IOS help show "mask". This is one of erroneous
IOS place.
This configuration can account _all_ NAT traffic. You can't account
telnet or www on the outside interface.
On Wednesday 04 April 2007 06:05, Erin Brown (erbrown) wrote:
> I have what may be a very basic question, but has me a little stumped.
> If you're using NAT for a few specific traffic types such as http and
> telnet, how would you go about accounting all traffic destined for the
> NAT address without counting any other traffic?
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Ivan
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART