Flexible NetFlow through Cryptomap Tunnel

Unanswered Question
Sep 3rd, 2010

Hi Guys,

Came to know that FNF will solve the issue of exporting NetFlow packets through Cryptomap Tunnel.


Configured my router to export Flexible NetFlow through Cryptomap tunnel. But I am not seeing any NetFlow packets on my management server. Verified this using packet capture tool (Wireshark). I have attached my configuration. Any help will be deeply appreciated.

jakewilson Mon, 09/06/2010 - 04:54


If the traffic is encrypted in a tunnel, some NetFlow Analyzers like Scrutinizer will drop data such as:

  • ENCAP(98)
  • ESP(50)
  • ETHERIP(97)
  • GRE(47)
  • IPIP(94)

This is done because some routers will export the same data twice (i.e. once in native format, a second time as tunneled traffic). This causes excessive utilization reports that are not accurate.

This dropping of traffic was recommended by Cisco. I hope I understood your question.


linker.team Wed, 09/08/2010 - 02:26


I think you have not understood my question. I have mentioned that NetFlow packets are not reaching the server, that's why I have mentioned that Wireshark also does not show packets on the server.

jakewilson Wed, 09/08/2010 - 11:18

Sorry about that. Any chance something in the path could be filtering the traffic? I haven't set up a Cryptomap Tunnel before.

