[rbak-nsp] NAT Logging

Tomas Lynch tomas.lynch at gmail.com
Wed Oct 30 15:43:15 EDT 2013


And I'm assuming you have the license for CGNAT, right?


On Wed, Oct 30, 2013 at 4:40 PM, Tomas Lynch <tomas.lynch at gmail.com> wrote:

> Rafal,
>
> The problem is with the keywords at the ip nat pool: you are using multibind and
> must use paired-mode. Here is a complete config that was tested on an SE1200,
> SEOS 11.x:
>
> context local
> !
>  nat logging-profile LOGGING_PROF
>   transport-protocol udp
>   export-version v9
>   source 10.10.10.10 port 2055
>   destination 1.1.1.1 context local port 2055
>   dscp ef
> !
> ! the following can be at any context including local
> !
>  ip nat pool NAT_POOL napt paired-mode logging
>   paired-mode subscriber over-subscription 100 port-limit 1000
>   logging-profile LOGGING_PROF context local
>   address 192.168.208.0/28
> !
>  nat policy NAT_POLICY enhanced
> ! Default class
>   pool NAT_POOL cgnat
>   timeout abandoned 3600
>   endpoint-independent filtering tcp
>   endpoint-independent filtering udp
>   inbound-refresh udp
>   icmp-notification
>
>
>
>
> On Wed, Oct 30, 2013 at 10:58 AM, Golem <golem at mtm-info.pl> wrote:
>
>> Hello
>>
>> I'm trying to set up NAT logging; this is how my config looks:
>>
>> context routerek
>>
>>
>>  nat logging-profile LogowanieNAT
>>   transport-protocol udp
>>   export-version v9
>>   source 11.0.0.33 port 5000
>>   destination 11.0.0.1 port 5000
>>
>>
>>  ip nat pool ip_test_lan1_nat napt multibind logging
>>   logging-profile LogowanieNat
>>   address 178.214.29.1/32 port-block 1 to 15
>>   address 178.214.29.2/32 port-block 1 to 15
>>
>>
>>   nat policy ip_test_lan1_nat_policy enhanced
>> ! Default class
>>   pool ip_test_lan1_nat routerek
>>   timeout tcp 18000
>>   inbound-refresh udp
>>   icmp-notification
>> !
>>  interface loop1 loopback
>>   ip address 11.0.0.33/27
>>    ip source-address radius flow-ip
>>  no logging console
>> !
>> !
>> ....
>> (config truncated)
>>
>>
>>
>> NAT does work, there is internet access etc., but the collector 11.0.0.1
>> (Linux) is not receiving any packets on port 5000; tcpdump doesn't show
>> anything.
>> How do I debug NAT logging? debug nat all doesn't show anything useful
>> about logging.
>> Do I need to set up some additional config, like a flow collector/flow
>> profile, for NAT logging to make it work?
>>
>> Rafal
>>
>>
>>
>>
>
>
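
A collector-side check for the NAT logging export discussed in this thread, added here as an example (it is not code from either poster or from the vendor). It parses the NetFlow v9 header and FlowSets as laid out in RFC 3954, so the collector can confirm that v9 datagrams and their templates actually arrive on the configured UDP port. The function names and the sample packet are assumptions made for the example.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id

def parse_v9(datagram):
    """Summarise one NetFlow v9 export datagram (layout per RFC 3954)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 20-byte v9 header")
    version, count, _uptime, _secs, sequence, source_id = HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"version field is {version}, expected 9")
    info = {"count": count, "sequence": sequence, "source_id": source_id,
            "templates": {}, "data_flowsets": []}
    offset = HEADER.size
    while offset + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, offset)
        if fs_len < 4 or offset + fs_len > len(datagram):
            raise ValueError(f"bad FlowSet length {fs_len} at offset {offset}")
        body = datagram[offset + 4:offset + fs_len]
        if fs_id == 0:                      # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tmpl_id, nfields = struct.unpack_from("!HH", body, pos)
                if tmpl_id < 256 or pos + 4 + 4 * nfields > len(body):
                    break                   # padding or truncated record
                info["templates"][tmpl_id] = [
                    struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(nfields)]
                pos += 4 + 4 * nfields
        elif fs_id >= 256:                  # data FlowSet, decoded via its template
            info["data_flowsets"].append((fs_id, len(body)))
        offset += fs_len
    return info

def listen(port, bind_addr="0.0.0.0", packets=5):
    # Print a summary of the next few datagrams arriving on the collector port.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        for _ in range(packets):
            data, peer = sock.recvfrom(65535)
            try:
                print(peer, parse_v9(data))
            except ValueError as exc:
                print(peer, "not a v9 export:", exc)

# Constructed sample; the field list is illustrative, not the SmartEdge NAT log template.
SAMPLE = (HEADER.pack(9, 2, 1000, 1383162195, 1, 0)
          + struct.pack("!8H", 0, 16, 256, 2, 8, 4, 7, 2)
          + struct.pack("!HH4sHH", 256, 12, bytes([10, 0, 0, 5]), 40000, 0))
```

On the collector, call listen() with the destination port from the logging profile (5000 in the original question, 2055 in the tested config). Data FlowSets only become decodable once a template with the matching id has been received.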