If you want to filter p2p, you can do this either on the router or on the pix. I answered how this is done on a router, here.
To do this on a PIX is a bit different. You'll need to tell us what version of the PIX OS you have (run the show version command).
You don't need another proxy to do accounting. You'll simply need to set up your NBAR or flow monitoring on the router. I know the PIX v7.0+ allows flow-based policies (e.g., filter all Kazaa traffic or youtube.com destination traffic).
I’m not sure if you can export it to a netflow collector like ntop from the pix.
Here’s an example of how you do it from the router.
Router(config-if)# ip route-cache flow
Router(config)# ip flow-export destination 172.17.246.225 9996
Router(config)# ip flow-export version 9
Router(config)# ip flow-export source loopback 0
Finally, your NAT 0 eschews translation; the NAT 1 command will not do anything unless it's paired with a "global 1" command. Look for that in your config and you'll see where your traffic is being PAT'ed to. Alternatively, you might see a static (interface, interface) IP IP command. That is a static NAT command.
Let me know if this helps.
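A collector-side check for the export configured above, as an added example that is not part of the original answer: a minimal NetFlow v9 parser that turns an export datagram into per-flow accounting records. The sample datagram and all of its values are constructed; the field type numbers follow RFC 3954, and the function names are hypothetical.

```python
import ipaddress
import struct

# NetFlow v9 field types decoded by name (RFC 3954); others become field_<n>
FIELDS = {1: "in_bytes", 4: "protocol", 8: "src", 11: "dst_port", 12: "dst"}

def parse_v9(packet, templates):
    """Decode one NetFlow v9 export datagram into a list of flow dicts."""
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:  # template flowset: remember each template's field layout
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                end = pos + 4 + 4 * nfields
                if end > len(body):
                    raise ValueError("truncated template")
                templates[(source_id, tid)] = [struct.unpack("!HH", body[i:i + 4]) for i in range(pos + 4, end, 4)]
                pos = end
        elif fs_id >= 256 and (source_id, fs_id) in templates:  # data flowset
            spec = templates[(source_id, fs_id)]
            rec_len = sum(flen for _, flen in spec)
            while rec_len and pos + rec_len <= len(body):  # trailing padding is ignored
                rec = {}
                for ftype, flen in spec:
                    raw, pos = body[pos:pos + flen], pos + flen
                    name = FIELDS.get(ftype, "field_%d" % ftype)
                    rec[name] = str(ipaddress.ip_address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")
                flows.append(rec)
        off += fs_len
    return flows

def sample_packet():
    """Constructed datagram: template 256 plus one flow record (made-up values)."""
    spec = [(8, 4), (12, 4), (11, 2), (4, 1), (1, 4)]
    tmpl = struct.pack("!HH", 256, len(spec)) + b"".join(struct.pack("!HH", *f) for f in spec)
    rec = ipaddress.ip_address("10.0.0.5").packed + ipaddress.ip_address("192.0.2.10").packed
    rec += struct.pack("!HBI", 1214, 6, 48213) + b"\x00"  # 15 bytes + 1 pad byte
    flowsets = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
    return struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 0) + flowsets

if __name__ == "__main__":
    print(parse_v9(sample_packet(), {}))
```

Against a real router, pass each datagram received on the UDP port given in ip flow-export destination (9996 above) and keep the same templates dict across packets, since data flowsets that arrive before their template are skipped.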