Re: IP accounting Question

From: ivan (ivan@iip.net)
Date: Thu Apr 05 2007 - 05:50:53 ART

• Next message: maureen schaar: "Re: How to block a particular MAC on Router level?"
• Previous message: John Gibson: "RE: Re: routers don't fragment any packet. End hosts all MUST"
• Maybe in reply to: Erin Brown \(erbrown\): "IP accounting Question"
• Next in thread: Edouard Zorrilla: "Re: IP accounting Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You must make traffic to 167.1.1.1 transition through router and only then
nat. To accomplish this policy-routing can be used. Incoming interface must
have policy-routing wich direct traffic with dst addr 167.1.1.1 to Lo167. Ip
accountig applied to Lo167 also ip nat inside. Therefore you account "inside
local" packets and then nat it.

On Thursday 05 April 2007 05:33, dampened wrote:
> Yes, you apply ip accounting on the outgoing interface, you are accounting
> the NATed traffic and you can limit by prefix but not to tcp/udp port
> level.
>
> Is there any way that we can do accounting for the pre NAT (before NAT)
> traffic?
>
> For example inside source 150.1.1.1 is NATed to 167.1.1.1. When host telnet
> to 167.1.1.1 it will be translated to 150.1.1.1. How can I do ip accounting
> on 167.1.1.1 (not 150.1.1.1)?
>
>
>
> -----Original Message-----
> From: Ivan [mailto:ivan@iip.net]
> Sent: Wednesday, April 04, 2007 3:04 AM
> To: ccielab@groupstudy.com; Erin Brown (erbrown)
> Subject: Re: IP accounting Question
>
> IP accountig affect only to the outgoing traffic. If you want to account
> all NAT-ed traffic you must switch on ip accounting on the ip nat
> outside interface. And filter all other traffic.
> (ip accounting access-list NAT_IP 0.0.0.0) - In this command you must
> use wildcard. Although IOS help show "mask". This is one of erroneous
> IOS place.
>
> This configuration can account _all_ NAT traffic. You can't account
> telnet or www on the outside interface.
>
> On Wednesday 04 April 2007 06:05, Erin Brown (erbrown) wrote:
> > I have what may be a very basic question, but has me a little stumped.
> > If you're using NAT for a few specific traffic types such as http and
> > telnet, how would you go about accounting all traffic destined for the
> >
> > NAT address without counting any other traffic?
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Ivan
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Ivan

• Next message: maureen schaar: "Re: How to block a particular MAC on Router level?"
• Previous message: John Gibson: "RE: Re: routers don't fragment any packet. End hosts all MUST"
• Maybe in reply to: Erin Brown \(erbrown\): "IP accounting Question"
• Next in thread: Edouard Zorrilla: "Re: IP accounting Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART