Differences

This shows you the differences between two versions of the page.

--- netflow:asrnatlog [2024/09/25 17:45] – veera
+++ netflow:asrnatlog [2025/02/28 16:30] (current) – [Use NetFlow NAT Logging] veera
@@ Line 20: / Line 20: @@
+===== CGNAT mode =====
+In CGNAT mode, Cisco ASR uses both NAT (Network Address Translation) and PAT (Port Address Translation) to carry multiple private IP into a single Public IP by partitioning the port space.
+CGNAT requires only source NAT for connections initiated from inside to the outside. Hence by default, only the source NAT/PAT is logged by the ''ip nat log translations'' command. You can use Trisul IPDR's HalfNAT to lookup in real time  and correlate with the destination IP.
+Another option is to use ''log destination'' for CGNAT ((Cisco CGNAT configuration guide https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16-9/nat-xe-16-9-book/iadnat-cgn.html))
+<code>
+ip nat settings log-destination
+ip nat log translations flow-export v9 udp ipv6-destination 2001::2 30000 source GigabitEthernet0/0/3
+ip nat log translations flow-export v9 udp destination 172.27.61.85 20000
+</code>
+{{:netflow:cgnatdocs.png?400|}}