https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487854#M1055529 <HTML><HEAD></HEAD><BODY><P>I just uninstalled and reinstalled the program I'm using to listen for NetFlows. Since reboots to that server can only be done at night it took a little while but now I'm sure that the listener is working correctly. And yes, the NetFlows are using UDP on port 2055 and are going to 192.168.100.7.</P></BODY></HTML> Thu, 05 Jan 2006 13:44:05 GMT depadua_chris 2006-01-05T13:44:05Z https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487848#M1055522 <P>How do you encrypt NetFlows through a VPN connection? </P><P></P><P>I've set the netflow destination to be on a network that is represented by interesting traffic. I've also set the source of the netflow to be on the local network (interesting). The source is Vlan1; not sure if that is a problem. </P><P></P><P>I can see the netflows being created and sent (sh ip flow export) but the destination is not recieving. </P><P></P><P>Any help or suggestions would be appreciated. Thank you.</P> Fri, 21 Feb 2020 08:37:01 GMT https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487848#M1055522 depadua_chris 2020-02-21T08:37:01Z https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487849#M1055523 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>is the VPN working correctly? Check connectivity with an extended ping using your NetFlow IPs.</P><P>Is the traffic encrypted on the same box where NetFlow is running? Where is the VPN terminating? Where are packets dropped?</P><P></P><P>Martin</P></BODY></HTML> Sun, 01 Jan 2006 20:49:56 GMT https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487849#M1055523 mheusinger 2006-01-01T20:49:56Z https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487850#M1055525 <HTML><HEAD></HEAD><BODY><P>I confirmed that the VPN is working correctly with the extended ping. The traffic is being encrypted on the same box that is trying to send out the NetFlows. The VPN is terminating on a PIX515 and as far as I can see it is not being blocked. I also cannot see where the packets would be dropped. </P></BODY></HTML> Tue, 03 Jan 2006 16:11:35 GMT https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487850#M1055525 depadua_chris 2006-01-03T16:11:35Z https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487851#M1055526 <HTML><HEAD></HEAD><BODY><P>Hi, can you provide more details like hardware, IOS version and a config excerpt?</P><P></P><P>Cheers</P><P></P><P>Martin</P><P></P></BODY></HTML> Tue, 03 Jan 2006 16:44:31 GMT https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487851#M1055526 mheusinger 2006-01-03T16:44:31Z https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487852#M1055527 <HTML><HEAD></HEAD><BODY><P>I have a Cisco 871 running 12.4(4)T. That is the remote vpn endpoint and it is also the device trying to send netflows. The other endpoint is a PIX515E (Restricted License) running ver 7.02(2).</P><P></P><P>SH RUN from 871</P><P></P><P>crypto map vpnmap 5 ipsec-isakmp </P><P> set peer xx.xx.xx.xx</P><P> set transform-set vpnset </P><P> match address meridentunnel</P><P></P><P>interface FastEthernet4</P><P> ip address xx.xx.xx.xx xx.xx.xx.xx</P><P> no ip unreachables</P><P> no ip proxy-arp</P><P> ip nat outside</P><P> ip virtual-reassembly</P><P> ip route-cache flow</P><P> duplex auto</P><P> speed auto</P><P> no cdp enable</P><P> crypto map vpnmap</P><P></P><P>interface Vlan1</P><P> ip address 192.168.2.1 255.255.255.0</P><P> no ip redirects</P><P> no ip unreachables</P><P> no ip proxy-arp</P><P> ip nat inside</P><P> ip virtual-reassembly</P><P></P><P>ip flow-export source Vlan1</P><P>ip flow-export destination 192.168.100.7 2055</P><P></P><P>ip access-list extended meridentunnel</P><P> permit ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255</P><P></P><P>Is that enough for you?</P></BODY></HTML> Tue, 03 Jan 2006 17:11:44 GMT https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487852#M1055527 depadua_chris 2006-01-03T17:11:44Z https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487853#M1055528 <HTML><HEAD></HEAD><BODY><P>I believe that the part of the config that you posted looks reasonable. I do have one question: you are sending the net flow data to UDP port 2055 at address 192.168.100.7. Is this the correct address for the Net Flow collector and is the collector listening to this port for Net Flow data?</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Tue, 03 Jan 2006 17:58:56 GMT https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487853#M1055528 Richard Burts 2006-01-03T17:58:56Z https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487854#M1055529 <HTML><HEAD></HEAD><BODY><P>I just uninstalled and reinstalled the program I'm using to listen for NetFlows. Since reboots to that server can only be done at night it took a little while but now I'm sure that the listener is working correctly. And yes, the NetFlows are using UDP on port 2055 and are going to 192.168.100.7.</P></BODY></HTML> Thu, 05 Jan 2006 13:44:05 GMT https://community.cisco.com/t5/network-security/netflow-through-vpn/m-p/487854#M1055529 depadua_chris 2006-01-05T13:44:05Z