• Status: Solved

Cisco router 2600 ... How to create an IP access log?

Hello

I have a Cisco router 2600.

We are using NAT and PAT. There was an external IP address that I wanted to track down, but that IP address was part of the PAT pool, so there was not a one-to-one mapping (Show XLATE). Is there a way that I can create an IP access log so I could always map the external IP addresses with the internal?

Thanks

- Jeff
 
mikebernhardt Commented:
If you're using PAT there will never be a one-to-one mapping, but with "show ip nat translation" you will see a list of all the current translations in memory. If you know the external IP that the host was talking to, and the type of traffic, you should be able to find the internal host in the table.
0
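
Added example (not part of the original thread): a small Python helper that applies the lookup described in the comment above to saved "show ip nat translations" output, filtering by the outside address, protocol and port. The sample table and its addresses are constructed, and the function names are this example's own.

```python
"""Find the inside host behind a PAT entry in 'show ip nat translations' output."""
from typing import NamedTuple

class Translation(NamedTuple):
    proto: str
    inside_global: str
    inside_local: str
    outside_local: str
    outside_global: str

def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, port); entries without a port give (ip, None)."""
    ip, sep, port = endpoint.partition(":")
    return ip, int(port) if sep else None

def parse_translations(text):
    """Yield one Translation per table row, skipping the header and blank lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":
            continue
        yield Translation(*fields)

def find_inside_hosts(text, outside_ip, proto=None, outside_port=None):
    """Return (proto, inside local, inside global) for flows to outside_ip."""
    hits = []
    for t in parse_translations(text):
        ip, port = split_endpoint(t.outside_global)
        if ip != outside_ip:
            continue  # also skips static entries, whose outside columns are '---'
        if proto and t.proto != proto:
            continue
        if outside_port is not None and port != outside_port:
            continue
        hits.append((t.proto, t.inside_local, t.inside_global))
    return hits

# Constructed sample output (documentation addresses, not from the thread).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.5:1025   192.168.1.10:3342  198.51.100.7:80    198.51.100.7:80
tcp 203.0.113.5:1026   192.168.1.22:3342  198.51.100.7:443   198.51.100.7:443
udp 203.0.113.5:1027   192.168.1.22:5353  198.51.100.9:53    198.51.100.9:53
--- 203.0.113.6        192.168.1.50       ---                ---
"""

if __name__ == "__main__":
    for hit in find_inside_hosts(SAMPLE, "198.51.100.7", proto="tcp", outside_port=443):
        print(hit)
```

The table only holds translations that are still in memory, so the output has to be captured while the flow of interest is active.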
 
jeffg_91911 (Author) Commented:
What is the difference in results that you get between "show ip nat translation" and "show xlate"?
Also how long will the current transactions stay in memory?

Thanks

- Jeff
 
lrmoore Commented:
The easiest way is to turn on netflow and export to NTOP
http://www.ntop.org
Windows port:
http://www.openxtra.co.uk/products/freestuff.php

Enable netflow on the router:

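interface FastEthernet0/0
 ! enable NetFlow switching on this interface
 ip route-cache flow
!
! send flow records to the NTOP collector in NetFlow version 5 format
ip flow-export destination <ipaddress of NTOP> <udp port NTOP listens on>
ip flow-export version 5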


http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca62e.html
 
mikebernhardt Commented:
lrmoore, will netflow show you your NAT translations?

Regarding ip nat translations vs. xlate, xlate is in the firewall feature set only, I believe, and the PIX, which is Cisco's firewall. I honestly don't know if there is a difference in output; we don't NAT on our PIX.
 
lrmoore Commented:
NTOP won't show you the exact NAT translations, but it will show every source/destination pair, port/protocol and bandwidth used.
BTW, on an IOS router it is "show ip nat trans *".
"show xlate" is a PIX command.
If you have a PIX, then you can't use netflow.
 
jeffg_91911 (Author) Commented:
Oh, good call on the PIX command.
I got a little confused because I have both a Cisco 2600 and a Cisco PIX 515E.

So for this question, I really need help on the PIX.

To be fair here, I'll try to split the points between you guys and repost the question more accurately.

Thanks

- Jeff