Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSec Tunnel and NetFlow Packets

I have a 1841 router running IPSec with an ASA. F0/0 is the source interface. I also configured NetFlow, which is to be sent via the IPSec tunnel to the analyzer. The acl defining the IPSec interesting traffic covers the NetFlow source and destination addresses. But NetFlow traffic is not picked up by the tunnel. When I ping the destination from the router, the icmp traffic is picked up and goes through the tunnel. Are there ways to force NetFlow traffic to go to the tunnel?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: IPSec Tunnel and NetFlow Packets

Is there a route to the netflow destination address? I've seen issues with traffic that was headed for a destination that wasn't in the routing table not being sent down a VPN.

3 REPLIES
New Member

Re: IPSec Tunnel and NetFlow Packets

Is there a route to the netflow destination address? I've seen issues with traffic that was headed for a destination that wasn't in the routing table not being sent down a VPN.

New Member

Re: IPSec Tunnel and NetFlow Packets

Yes, I have a static host route. the traffic is always sent to the next hop router, not into the IPSec tunnel that is defined by the acl.

New Member

Re: IPSec Tunnel and NetFlow Packets

Hi,

The problem is solved by the static route pointing to the outgoing interface instead of the next-hop address.

Thanks for directing me to think in the correct way.

184
Views
0
Helpful
3
Replies