NetFlow Nat problem

AlexZabelin · ‎11-16-2009

Hello,

Thank you in advance for any help.

I have a Cisco7021 which works as follows: ppoe-pptp users + NAT+ Statistics collection on NetFlow (ip flow ingress - egress).

In general all works, but 50% of the traffic downloaded under natted ip written on the Inside global IP from NAT pool.

Example:

I download a file from 79.165.189.116

If I Have a real ip: [YY.YY.YYY.66]

#sh ip cache flow | inc 79.165.189.116

Vi3.297 YY.YY.YYY.66 Gi0/0* 79.165.189.116 06 132B 99B4 534

Vi3.297 YY.YY.YYY.66 Gi0/0 79.165.189.116 06 132B 99B4 534

Gi0/0 79.165.189.116 Vi3.297* YY.YY.YYY.66 06 99B4 132B 82

Gi0/0 79.165.189.116 Vi3.297 YY.YY.YYY.66 06 99B4 132B 1023

All normal, traffic fully on the subscriber

If I have private ip (NAT) [172.16.80.60]:

#sh ip cache flow | inc 79.165.189.116

Gi0/0 79.165.189.116 Vi3.156 YY.YY.YYY.33 06 FA5C 217C 3464

Gi0/0 79.165.189.116 Vi3.156* 172.16.80.60 06 FA5C 0441 1697

Vi3.156 172.16.80.60 Gi0/0 79.165.189.116 06 0441 FA5C 1859

Vi3.156 YY.YY.YYY.33 Gi0/0* 79.165.189.116 06 217C FA5C 1883

In 2 flow record inside local IP has been substituted by inside global ip [YY.YY.YYY.33].

(

ip nat pool inet YY.YY.YYY.32 YY.YY.YYY.47 prefix-length 28

#sh ip nat translations | inc 79.165.189.116

tcp YY.YY.YYY.33:3187 172.16.80.60:3187 79.165.189.116:21 79.165.189.116:21

- - - - - -

)

I have downloaded 1G but on netflow statistic for my address I have downloaded only 500M.

It is normal? Can some one guide me i will be very obliged waiting for your response.

Thank you.