<div dir="ltr">Rafal,<div><br></div><div>Problem is with keywords at the ip nat pool, you are using multibind and must use paired-mode. Here is a complete config that was tested on a SE1200 SEOS 11.x:</div><div><br></div><div>
<div>context local</div><div>!</div><div> nat logging-profile LOGGING_PROF</div><div> transport-protocol udp</div><div> export-version v9</div><div> source 10.10.10.10 port 2055</div><div> destination 1.1.1.1 context local port 2055</div>
<div> dscp ef</div><div>!<br></div><div>! the following can be at any context including local</div><div>!</div><div> ip nat pool NAT_POOL napt paired-mode logging</div><div> paired-mode subscriber over-subscription 100 port-limit 1000</div>
<div> logging-profile LOGGING_PROF context local</div><div> address <a href="http://192.168.208.0/28">192.168.208.0/28</a><br></div><div>!</div><div> nat policy NAT_POLICY enhanced</div><div>! Default class</div><div> pool NAT_POOL cgnat</div>
<div> timeout abandoned 3600</div><div> endpoint-independent filtering tcp</div><div> endpoint-independent filtering udp</div><div> inbound-refresh udp</div><div> icmp-notification</div></div><div><br></div><div><br>
</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 30, 2013 at 10:58 AM, Golem <span dir="ltr"><<a href="mailto:golem@mtm-info.pl" target="_blank">golem@mtm-info.pl</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello<br>
<br>
Im trying to setup NAT logging, this is how my config looks:<br>
<br>
context routerek<br>
<br>
<br>
nat logging-profile LogowanieNAT<br>
transport-protocol udp<br>
export-version v9<br>
source 11.0.0.33 port 5000<br>
destination 11.0.0.1 port 5000<br>
<br>
<br>
ip nat pool ip_test_lan1_nat napt multibind logging<br>
logging-profile LogowanieNat<br>
address <a href="http://178.214.29.1/32" target="_blank">178.214.29.1/32</a> port-block 1 to 15<br>
address <a href="http://178.214.29.2/32" target="_blank">178.214.29.2/32</a> port-block 1 to 15<br>
<br>
<br>
nat policy ip_test_lan1_nat_policy enhanced<br>
! Default class<br>
pool ip_test_lan1_nat routerek<br>
timeout tcp 18000<br>
inbound-refresh udp<br>
icmp-notification<br>
!<br>
interface loop1 loopback<br>
ip address <a href="http://11.0.0.33/27" target="_blank">11.0.0.33/27</a><br>
ip source-address radius flow-ip<br>
no logging console<br>
!<br>
!<br>
....<br>
(config truncated)<br>
<br>
<br>
<br>
NAT does work , there is internet access etc, but collector 11.0.0.1 (linux)<br>
not receiving any packets on port 5000, tcpdump doesn't show anything.<br>
How to debug Nat logging ? debug nat all - doesn't show anything useful about logging.<br>
Do I need setup some additional config like flow collector/flow profile for nat logging<br>
to make it working ?<br>
<br>
Rafal<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
redback-nsp mailing list<br>
<a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/redback-nsp" target="_blank">https://puck.nether.net/mailman/listinfo/redback-nsp</a><br>
</blockquote></div><br></div>