I have an 881G with a Verizon cellular modem with EZVPN in Network Extension mode. This config is leaking Netflow packets directly out the Cellular interface. I want them to go through my IPSEC tunnel to my internal Netflow collector. The same is happening for NTP. Because these packets have private IP addresses (10.x.x.x) in the source field, Verizon keeps shutting down the Cellular interface. I've tried NATting and ACLs, but since these packets are generated by the router, they bypass these mechanisms.
Does anyone have a workaround for this issue?
flow exporter Raleigh
I had not previously tried EZVPN with NEM, so I set up this lab.
I set up the EZVPN server as an NTP master. The two routers are connected to each other over the same Ethernet segment, 172.16.186.0/24.
I have my NTP source interface set to the loopback on each of the two routers.
It looks like my NTP packets are going through the VPN tunnel.
If you are still having this problem, could you post your configs (sanitized)?
Did you try associating your NTP and Netflow traffic with a specific interface on your router? Include these interfaces in your encryption domain.
ip flow-export source Loopback0
ntp source Loopback0
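
A config check for the suggestion above, added here as an example and not posted by anyone in the thread: it flags NTP and NetFlow exporters that have no source interface, or whose source interface is not marked as an EZVPN inside interface. It assumes the encryption domain is defined with `crypto ipsec client ezvpn <name> inside` on the interface; the sample config, the profile name `EZ` and all addresses are constructed placeholders.

```python
import re

# Constructed sample config (not from the thread); names and addresses are placeholders.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
 crypto ipsec client ezvpn EZ inside
!
interface Cellular0
 crypto ipsec client ezvpn EZ
!
flow exporter Raleigh
 destination 10.1.1.50
!
ntp source Loopback0
ntp server 10.1.1.10
"""

def audit(config):
    """List router-originated services not pinned to an EZVPN inside interface."""
    inside, sources, header = set(), {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # unindented line: global command or section header
            header = line
            if m := re.match(r"ntp source (\S+)", line):
                sources["ntp"] = m.group(1)
            elif line.startswith(("ntp server", "ntp peer")):
                sources.setdefault("ntp", None)
            elif m := re.match(r"ip flow-export source (\S+)", line):
                sources["ip flow-export"] = m.group(1)
            elif line.startswith("ip flow-export destination"):
                sources.setdefault("ip flow-export", None)
            elif line.startswith("flow exporter "):
                sources.setdefault(line, None)
        elif header.startswith("interface ") and re.match(r"crypto ipsec client ezvpn \S+ inside$", line):
            inside.add(header.split()[1])
        elif header.startswith("flow exporter ") and (m := re.match(r"source (\S+)", line)):
            sources[header] = m.group(1)
    findings = []
    for svc, src in sources.items():
        if src is None:
            findings.append(f"{svc}: no source interface set")
        elif src not in inside:
            findings.append(f"{svc}: source {src} is not an EZVPN inside interface")
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` reports only the `flow exporter Raleigh` block, which has a destination but no `source` line.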