Neil

I wonder if the issue may have to do with sending the NetFlow through the VPN. Is it possible that there are periods of time when the VPN tunnel is not active that might account for the missing NetFlow records?

When the collector has been missing NetFlow from the 1841 and begins receiving again, does it get only intermittent NetFlow packets or does it get them steadily for a period of time? If steadily for a period of time, what is the amount of the period of time?

When you did you packet capture, did you notice whether the NetFlow packets might have the DoNotFragment bit turned on?

HTH

Rick

Paolo - I will check if I can get another IOS to install but was hoping to leave that as pretty much a last resort (unless it could be established there was some sort of Netflow bug in the particular IOS I'm running)

Rick - yes, I'm convinced this is something to do with sending the Neflow through the VPN though I'm just unsure as to exactly what the problem is. (And it must be something to do with the 1841/this IOS as I have other devices also connected via IPSEC VPN but not exhibiting this problem).

The VPN tunnel is definitely active even when Netflow data is not being recieved as plenty other traffic is being sent over it (in fact, the periods when no netflow data is being received by my collector are far longer than when it does receive netflow data for this particular device)

The interesting thing is, on the few occassions my collector is receiving netflow data from this device, it does seem to be intermittent flow records that are being received.

I've not actually had the packet capture running when the Netflow data was being received (I just kept it running for a few hours to establish that it wasn't being received and my collector was therefore not at fault!)

But that is a good suggestion, I will keep the packet capture running for longer and try to capture some "successful" Netflow data from this device too.

Thanks for the help - any more advice/suggestions will be welcome too!

Rick - you are a genius! That's exactly what the problem was! For some reason, our 1841 had a larger MTU size set than our other routers. I changed the MTU on the 1841 to be the same as our other routers and, right away, I started to get all my netflow data from the router. Thanks very much indeed for your help on this - very much appreciated!

Paolo - yes, I have found similar in the past with IOS bugs. However, for a problem which is more of a "management" issue than service affecting, I'd rather try to get to the bottom of the problem first (unless there is a known bug) and leave the IOS upgrade as a last resort (particularly as there is every chance a new IOS could introduce a different bug which IS service affecting!) As it happens, this was the correct choice here as the problem wasn't IOS related after all. Thanks for your help though.

Neil

I am glad that you got your problem resolved and that my suggestion correctly pointed to the issue. Thank you for using the rating system to indicate that your problem was resolved (and thanks for the rating). It makes the forum more useful when people can read about a problem and can know that they will read a response which pointed to the solution.

HTH

Rick

When working with cisco, never assume there is no bug just because it is not know yet. Many many issues are mysteriously resolved upgrading or downgrading.

It should not be like that, but it is.