How to implement Netflow through VPN tunnel on the WAN router

jackawang
Level 5

A site-to-site IPSec VPN tunnel is built between the hub datacenter and a remote site using an ASA5505. The remote site ASA connects to a Cisco C2811 router and then goes to the ISP edge. The requirement is to enable Netflow on the WAN router and collect data. The Netflow Analyzer (Solarwinds-Orion) resides in the hub datacenter's LAN.

Netflow Analyzer (10.1.1.10) --- (10.1.1.1)ASA1(123.1.2.1) ---- (123.1.2.2)Router1(125.5.5.5) ---->Internet< ----- (126.6.6.6)Router2(100.2.2.2)----(100.2.2.1)ASA2(10.2.1.1)---LAN

I'd like to get Netflow stats on the WAN routers between IPSec devices. And the stats need to be encrypted. In other words, I do not want to send Netflow data across the public network. My thought was to send Netflow data through the IPSec tunnel. How can I accomplish this?

1 Reply

jackawang
Level 5

I've heard "same-security-traffic permit intra-interface" needs to be configured on the ASA2 outside interface. Does anyone have a complete thought on how to make it work? Any ideas would be appreciated.