Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need to count IP address hits

Posted on 2014-11-20
5
Medium Priority
?
161 Views
Last Modified: 2014-12-17
Hello

Task - I have been asked to check if certain NAT rules are being utilized at this time, usually this would be a matter of looking at the firewall (ASA in my case) or to simply look at the end devices to check if there's any incoming traffic from the outside. Either option is not available right now.

Scenario - We currently use the ISP as our firewall, they firewall and NAT outside addresses into our internal addresses. The ISP doesn't provide NAT metrics to us. Incoming traffic hits our edge router and then our ASA (used for VPN mostly).

What I have tried - I put an ACL on our edge router interface (in) permitting the NATted to internal ip addresses expecting to  see some ACL matches if hit. See text below for ACL and interface configs.
ON the ACL I have tried with and without the "LOG" option.

What is the method to collect IP traffic information on a Cisco 1941?

Any assistance would be greatly appreciated.

Thanks in advance
-----------------------
R1#show access-list

Standard IP access list 88
    20 permit 192.168.111.7
    30 permit 192.168.111.8
    10 deny   192.168.55.11
    40 permit 192.168.34.27
    50 permit 192.168.31.40
    60 permit 192.168.34.18
    70 permit 192.168.32.13
    80 permit 192.168.3.33
    90 permit 192.168.25.6
    100 permit any (4920313 matches)
------------
R1#sh run int gig 0/0

interface GigabitEthernet0/0
 ip address 65.118.86.166 255.255.255.252
 ip access-group 88 in
 duplex full
 speed 100
--------------
0
Comment
Question by:CocoCounty
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
Garry Glendown earned 1000 total points
ID: 40456733
You could also configure the ASA with rules for each device, it will also keep a counter on rule hits ... not exactly sure why you don't get any hits on the single IPs in the access list, unless the IOS is optimizing the access list matches (try adding an arbitrary deny rule between the last specific permit and the permit any rule ... not sure if that will do anything)
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1000 total points
ID: 40457350
if you can configure logging and log to an internal syslog server, the sky is the limit with analyzing the log data.
0
 

Author Comment

by:CocoCounty
ID: 40459485
Thank you Garry-G and Jan,

I will try both. I need to wait until Monday to do any work on the router. I will post the results then.

Thanks again
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 40459520
If you are open to more extensive analysis, things like Netflow Accounting could deliver even more information ...
0
 

Author Comment

by:CocoCounty
ID: 40505004
The ACL with a deny statement did the job.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question