Cisco Support Community
New Member

NetFlow through VPN

How do you encrypt NetFlows through a VPN connection?

I've set the netflow destination to be on a network that is represented by interesting traffic. I've also set the source of the netflow to be on the local network (interesting). The source is Vlan1; not sure if that is a problem.

I can see the netflows being created and sent (sh ip flow export) but the destination is not receiving.

Any help or suggestions would be appreciated. Thank you.

  • Security Management
6 REPLIES

Re: NetFlow through VPN

Hi,

is the VPN working correctly? Check connectivity with an extended ping using your NetFlow IPs.

Is the traffic encrypted on the same box where NetFlow is running? Where is the VPN terminating? Where are packets dropped?

Martin

New Member

Re: NetFlow through VPN

I confirmed that the VPN is working correctly with the extended ping. The traffic is being encrypted on the same box that is trying to send out the NetFlows. The VPN is terminating on a PIX515 and as far as I can see it is not being blocked. I also cannot see where the packets would be dropped.

Re: NetFlow through VPN

Hi, can you provide more details like hardware, IOS version and a config excerpt?

Cheers

Martin

New Member

Re: NetFlow through VPN

I have a Cisco 871 running 12.4(4)T. That is the remote vpn endpoint and it is also the device trying to send netflows. The other endpoint is a PIX515E (Restricted License) running ver 7.02(2).

SH RUN from 871

crypto map vpnmap 5 ipsec-isakmp
 set peer xx.xx.xx.xx
 set transform-set vpnset
 match address meridentunnel

interface FastEthernet4
 ip address xx.xx.xx.xx xx.xx.xx.xx
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map vpnmap

interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly

ip flow-export source Vlan1
ip flow-export destination 192.168.100.7 2055

ip access-list extended meridentunnel
 permit ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255

Is that enough for you?

Hall of Fame Super Silver

Re: NetFlow through VPN

I believe that the part of the config that you posted looks reasonable. I do have one question: you are sending the net flow data to UDP port 2055 at address 192.168.100.7. Is this the correct address for the Net Flow collector and is the collector listening to this port for Net Flow data?

HTH

Rick
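Rick's question is whether anything is actually arriving at 192.168.100.7 on UDP 2055. One way to answer it without trusting the collector software is the decoder below, an added example that is not part of this thread or of any Cisco tool: run on the collector host, it binds UDP 2055, decodes each export datagram and prints the sending address and the flows inside. The posted excerpt has no ip flow-export version line, and IOS exports version 1 unless told otherwise, so it handles both v1 and v5 headers. SAMPLE_RECORD and the build_* encoders are constructed test data (made-up interface indexes, counters and timestamps), not traffic from the poster's network.

```python
"""NetFlow v1/v5 export decoder and UDP listener (added example, not from the thread).

Run it on the collector host to confirm that export datagrams from the router
reach UDP 2055 and decode, independently of the collector software. The sample
packets are constructed by build_v5_packet/build_v1_packet for offline testing.
"""
import socket
import struct
from ipaddress import IPv4Address

EXPORT_PORT = 2055              # port from the thread's ip flow-export line
RECORD_LEN = 48                 # v1 and v5 flow records are both 48 bytes
HEADER_LEN = {1: 16, 5: 24}     # header size by export version

SAMPLE_RECORD = {               # constructed: one TLS flow from the 871's LAN side
    "src": "192.168.2.10", "dst": "192.168.100.50", "nexthop": "0.0.0.0",
    "in_if": 2, "out_if": 1, "pkts": 10, "octets": 1500,
    "first_ms": 1000, "last_ms": 2000, "sport": 51000, "dport": 443,
    "proto": 6, "tcp_flags": 0x1b,
}


def parse_header(data):
    """Decode the export header; ValueError for versions/lengths not handled here."""
    if len(data) < 4:
        raise ValueError("datagram shorter than a NetFlow header")
    version, count = struct.unpack_from("!HH", data, 0)
    if version not in HEADER_LEN or len(data) < HEADER_LEN[version]:
        raise ValueError(f"unsupported or truncated NetFlow header (version {version})")
    hdr = {"version": version, "count": count}
    hdr["sys_uptime"], hdr["unix_secs"], hdr["unix_nsecs"] = struct.unpack_from("!III", data, 4)
    if version == 5:        # v5 adds sequence number, engine ids and sampling interval
        (hdr["flow_sequence"], hdr["engine_type"],
         hdr["engine_id"], hdr["sampling"]) = struct.unpack_from("!IBBH", data, 16)
    return hdr


def parse_record(rec):
    """Decode the fields whose layout is identical in v1 and v5 records."""
    (src, dst, nexthop, in_if, out_if, pkts, octets,
     first, last, sport, dport) = struct.unpack_from("!IIIHHIIIIHH", rec, 0)
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "nexthop": str(IPv4Address(nexthop)), "in_if": in_if, "out_if": out_if,
            "pkts": pkts, "octets": octets, "first_ms": first, "last_ms": last,
            "sport": sport, "dport": dport,
            "proto": rec[38]}   # IP protocol byte is at offset 38 in both versions


def parse_packet(data):
    """Return (header, [records]); refuses datagrams shorter than the header claims."""
    hdr = parse_header(data)
    off = HEADER_LEN[hdr["version"]]
    need = off + hdr["count"] * RECORD_LEN
    if len(data) < need:
        raise ValueError(f"header announces {hdr['count']} records, datagram is {len(data)} bytes")
    recs = [parse_record(data[off + i * RECORD_LEN: off + (i + 1) * RECORD_LEN])
            for i in range(hdr["count"])]
    return hdr, recs


def _pack_common(r):
    return struct.pack("!IIIHHIIIIHH", int(IPv4Address(r["src"])), int(IPv4Address(r["dst"])),
                       int(IPv4Address(r["nexthop"])), r["in_if"], r["out_if"], r["pkts"],
                       r["octets"], r["first_ms"], r["last_ms"], r["sport"], r["dport"])


def build_v5_packet(records, sys_uptime=5000, unix_secs=1_150_000_000, seq=0):
    """Encode records as a v5 exporter would (test data, not captured traffic)."""
    hdr = struct.pack("!HHIIIIBBH", 5, len(records), sys_uptime, unix_secs, 0, seq, 0, 0, 0)
    # tail: pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
    body = b"".join(_pack_common(r) + struct.pack("!BBBBHHBBH", 0, r.get("tcp_flags", 0),
                                                  r["proto"], 0, 0, 0, 24, 24, 0)
                    for r in records)
    return hdr + body


def build_v1_packet(records, sys_uptime=5000, unix_secs=1_150_000_000):
    """Encode records with the 16-byte v1 header (IOS default when no version is set)."""
    hdr = struct.pack("!HHIII", 1, len(records), sys_uptime, unix_secs, 0)
    # tail: pad1, prot, tos, flags, pad2, pad3, reserved
    body = b"".join(_pack_common(r) + struct.pack("!HBBBBHI", 0, r["proto"], 0,
                                                  r.get("tcp_flags", 0), 0, 0, 0)
                    for r in records)
    return hdr + body


def listen(bind_addr="0.0.0.0", port=EXPORT_PORT):
    """Print every export datagram that arrives; run this on the collector host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    print(f"listening on udp/{port}")
    while True:
        data, (peer, _) = sock.recvfrom(65535)
        try:
            hdr, recs = parse_packet(data)
        except ValueError as exc:
            print(f"{peer}: {len(data)} bytes, not decodable: {exc}")
            continue
        print(f"{peer}: NetFlow v{hdr['version']}, {hdr['count']} record(s)")
        for r in recs:
            print(f"  {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} "
                  f"proto {r['proto']} {r['pkts']} pkts {r['octets']} bytes")


if __name__ == "__main__":
    hdr, recs = parse_packet(build_v5_packet([SAMPLE_RECORD]))   # offline self-check
    print("self-test: v%d %s -> %s" % (hdr["version"], recs[0]["src"], recs[0]["dst"]))
    listen()
```

Each decoded datagram prints the peer address. For the configuration in this thread that should be 192.168.2.1, because the export is sourced from Vlan1 and the crypto ACL covers 192.168.2.0/24 to 192.168.100.0/24; a datagram from any other address did not take the path the configuration intends. If nothing prints at all, `tcpdump -ni <iface> udp port 2055` on the same host separates "not arriving" from "arriving but ignored by the collector".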

New Member

Re: NetFlow through VPN

I just uninstalled and reinstalled the program I'm using to listen for NetFlows. Since reboots to that server can only be done at night it took a little while but now I'm sure that the listener is working correctly. And yes, the NetFlows are using UDP on port 2055 and are going to 192.168.100.7.
