GDOI - traffic sourced from GM router not encrypted

Dec 12th, 2007

A Group Member (GM) router in a GDOI environment is not having its NetFlow traffic encrypted. NetFlow is sourced from the Loopback interface, which is included in the Key Server ACL.

All other traffic originating from behind the GM router is encrypted.

Any help?

What debug commands might help pinpoint how this NetFlow traffic is being treated, relative to GDOI?

Thanks in advance.

paitken Sat, 01/12/2008 - 15:59

Keith, netflow export traffic bypasses output features (for speed) and isn't encrypted.

You can work around this by creating a crypto tunnel to the netflow collector, and routing the netflow export through the tunnel.
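
One way to lay out the workaround described in the reply above, as an added Cisco IOS configuration example that is not part of the original thread. It assumes a GRE tunnel protected by IPsec that terminates on a router in front of the collector; every address, interface name, profile name and the pre-shared key is a constructed placeholder.

```cisco
! Constructed example: addresses, names and the key are placeholders.
! 198.51.100.1 = tunnel peer (router in front of the collector)
! 203.0.113.10 = NetFlow collector
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE_SHARED_KEY> address 198.51.100.1
!
crypto ipsec transform-set NF-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile NF-PROFILE
 set transform-set NF-TS
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Dedicated tunnel: packets routed into it are encapsulated and
! encrypted by the tunnel itself, not by an output feature on the
! physical interface.
interface Tunnel10
 description Encrypted path for NetFlow export
 ip address 10.255.255.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile NF-PROFILE
!
! Force traffic for the collector into the tunnel.
ip route 203.0.113.10 255.255.255.255 Tunnel10
!
! NetFlow export, still sourced from the loopback as in the question.
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination 203.0.113.10 2055
```

After applying a configuration like this, `show crypto ipsec sa` on the GM should show the encaps/encrypt counters for the tunnel peer increasing as export packets are sent.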

