Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
946
Views
1
Helpful
3
Replies

Flexible NetFlow through Cryptomap Tunnel

linker.team
Level 1
Level 1

‎09-03-2010 06:29 AM

Hi Guys,

Came to know that FNF will solve the issue of exporting NetFlow packets through Cryptomap Tunnel.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/prod_white_paper0900aecd804be1cc.html

Confiugred my router to export Flexible NetFlow through Cryptomap tunnel. But I am not seeing any NetFlow packets on my management server. Verified this using packet capture tool (Wireshark). I have attached my configuration. Any help will be deeply appreciated.

Labels:
71538-FNF.txt.zip
0 Helpful
3 Replies 3

jakewilson
Level 1
Level 1

‎09-06-2010 04:54 AM

Hello,

If the traffic is encrypted in a tunnel, some NetFlow Analyzers like Scrutinizer will drop data such as:

  • ENCAP(98)
  • ESP(50)
  • ETHERIP(97)
  • GRE(47)
  • IPIP(94)

This done because some routers will export the same data twice (i.e. once in native format, a second time as tunneled traffic).  This causes excessive utilization reports that are not accurate.

This dropping of traffic was recommened by Cisco.  I hope I understood your question.

Jake

linker.team
Level 1
Level 1
In response to jakewilson

‎09-08-2010 02:26 AM

Hi,

I think you have not understood my question. I have mentioned that NetFlow packets are not reaching the server, thats why I have mentioned that wireshark also does not packets on the server.

0 Helpful

jakewilson
Level 1
Level 1
In response to linker.team

‎09-08-2010 11:18 AM

sorry about that.  Any chance something in the path could be filtering the traffic?  I haven't set up a Cryptomap Tunnel before.

0 Helpful
Customers Also Viewed These Support Documents