Cisco router 2600 ... How to create an IP access log?

Hello

I have a Cisco router 2600.

We are using NAT and PAT.  There was an external IP address that I wanted to track down but that IP address was part of the PAT pool.  So there was not a one to one mapping. (Show XLATE).  Is there a way that I can create an IP access log so I could always map the external IP addresses with the internal?

Thanks

- Jeff
jeffg_91911Asked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
The easiest way is to turn on netflow and export to NTOP
http://www.ntop.org
Windows port:
http://www.openxtra.co.uk/products/freestuff.php

Enable netflow on the router:

Interface Fast 0/0
  ip route-cache flow
!
ip flow-export <ipaddress of NTOP> version 5


http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca62e.html
0
 
mikebernhardtConnect With a Mentor Commented:
If you're using PAT there will never be a one-to-one mapping. but with "show ip nat translation" you will see a list of all the current translations in memory. If you know the external IP that the host was talking to, and the type of traffic, you should be able to find the internal host in the table.
0
 
jeffg_91911Author Commented:
What is the difference in results that you get between "show ip nat translation" and "show xlate"  ?
Also how long will the current transactions stay in memory?

Thanks

- Jeff
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
mikebernhardtCommented:
lrmoore, will netflow show you your NAT translations?

Regarding ip nat translations vs. xlate, xlate is in the firewall feature set only, I believe- and the PIX, which is Cisco's firewall. I honestly don't know if there is a difference in output- we don't NAT on our PIX.
0
 
lrmooreCommented:
NTOP won't show you the exact nat translations, but it will show every source/destination pair, port/protocol and bandwidth used..
  BTW, on IOS router it is "show ip nat trans *"
"show xlate" is a PIX command.
If you have a PIX, then you can't use netflow..
0
 
jeffg_91911Author Commented:
Oh, good call on the PIX command.
I got a little confuse because I have both a Cisco 2600, and a Cisco PIX 515E.

So for this question, I really need help on the PIX.

To be fair here, I'll try to split the points between you guys and repost the question more accurately.

Thanks

- Jeff
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.