03-03-2008 12:20 AM - edited 02-21-2020 03:35 PM
I have an 1841 router running IPSec with an ASA. F0/0 is the source interface. I also configured NetFlow, which is to be sent via the IPSec tunnel to the analyzer. The ACL defining the IPSec interesting traffic covers the NetFlow source and destination addresses. But NetFlow traffic is not picked up by the tunnel. When I ping the destination from the router, the ICMP traffic is picked up and goes through the tunnel. Are there ways to force NetFlow traffic to go to the tunnel?
Thanks.
03-03-2008 06:47 AM
Is there a route to the netflow destination address? I've seen issues with traffic that was headed for a destination that wasn't in the routing table not being sent down a VPN.
03-03-2008 12:13 PM
Yes, I have a static host route. The traffic is always sent to the next hop router, not into the IPSec tunnel that is defined by the ACL.
03-03-2008 02:14 PM
Hi,
The problem is solved by the static route pointing to the outgoing interface instead of the next-hop address.
Thanks for directing me to think in the correct way.
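The fix reported in this thread, written out as an IOS configuration sketch. This is an added example, not configuration posted by anyone in the thread. All addresses (RFC 5737 documentation ranges), the names NETFLOW-VPN, VPNMAP and TSET, the UDP port, and the placement of the crypto map on FastEthernet0/0 are assumptions; the ISAKMP policy and key are omitted because the tunnel already carried the ping.

```ios
! Constructed values, not from the thread:
!   router Fa0/0 198.51.100.2, next-hop router 198.51.100.1,
!   ASA peer 203.0.113.10, NetFlow analyzer 192.0.2.50
!
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.0.2.50 2055
!
! Interesting-traffic ACL covering the NetFlow source and destination
ip access-list extended NETFLOW-VPN
 permit ip host 198.51.100.2 host 192.0.2.50
!
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TSET
 match address NETFLOW-VPN
!
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.0
 crypto map VPNMAP
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Before: host route to the analyzer via the next-hop address.
! With this form the thread reports the exports going to the
! next-hop router in the clear instead of into the tunnel.
ip route 192.0.2.50 255.255.255.255 198.51.100.1
!
! After: the same host route pointing at the outgoing interface,
! which is the change the original poster reports as the fix.
no ip route 192.0.2.50 255.255.255.255 198.51.100.1
ip route 192.0.2.50 255.255.255.255 FastEthernet0/0
!
! Checks after the change (exec mode):
!   show ip flow export      exported datagram count should rise
!   show crypto ipsec sa     encaps counter for the NETFLOW-VPN
!                            selector should rise along with it
```

If the export counter rises while the IPSec encaps counter stays flat, flow records are still leaving the router unencrypted.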