Flexible Netflow configuration with IPSec

Brian Preston
Level 1

Hi,

I am trying to configure netflow/flexible netflow on some branch site 887 routers which have an IPSec tunnel back to the main office. It is my understanding that the router will not encrypt traffic that it generates itself so the standard netflow will not work. The workaround I have seen is to use flexible netflow rather than standard.

I have tried to configure flexible netflow with the following configuration;

flow exporter EXPORTER-1
 destination 192.168.10.1
 source Vlan1
 transport udp 9996
 template data timeout 60

flow monitor FLOW-MONITOR-1
 exporter EXPORTER-1
 cache timeout active 60
 record netflow-original

interface dialer 1
 ip flow monitor FLOW-MONITOR-1 input
 ip flow monitor FLOW-MONITOR-1 output

However this does not seem to work and our monitoring server is not receiving any data (I have used network monitor to capture the traffic to see if the router is sending the traffic or not).

When I check the flows it does seem to be collecting the data (the site does not have many users by the way);

FIU-R-DUM-001#sh flow monitor FLOW-MONITOR-1 cache
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                              11
  High Watermark:                              403

  Flows added:                              164825
  Flows aged:                               164814
    - Active timeout      (    60 secs)      22720
    - Inactive timeout    (    15 secs)     142094
    - Event aged                                 0
    - Watermark aged                             0
    - Emergency aged                             0

FIU-R-DUM-001#sh flow exporter EXPORTER-1 statistics
Flow Exporter EXPORTER-1:
  Packet send statistics (last cleared 6d05h ago):
    Successfully sent:         69071                 (13068236 bytes)

  Client send statistics:
    Client: Flow Monitor FLOW-MONITOR-1
      Records added:           164840
        - sent:                164840
      Bytes added:             8736520
        - sent:                8736520

FIU-R-DUM-001#sh flow interface dialer 1
Interface Dialer1
  FNF:  monitor:          FLOW-MONITOR-1
        direction:        Input
        traffic(ip):      on
  FNF:  monitor:          FLOW-MONITOR-1
        direction:        Output
        traffic(ip):      on

I was wondering if someone could confirm whether I am along the right lines in terms of configuration, or am I missing some step that needs to be configured, or if there are any other commands I can use to check the netflow exports.

Many thanks in advance,

Brian

Accepted Solutions

Don Jacob
Level 1

Hi Brian,

Ensure you have the option "output-feature" added to your flow exporter. For details, check this blog:

http://blogs.manageengine.com/netflowanalyzer/2011/04/01/netflow-data-export-over-ipsec-tunnels/

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if your query has been answered

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.

Hi Don,

Thank you for your response, implementing those changes worked perfectly.

Again, thank you for your assistance.

Cheers,

Brian
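
The exporter from the question with the fix from the accepted answer applied, as an added example that is not part of the original posts. The IOS exporter sub-command is spelled `output-features`; that the tunnel's crypto ACL covers the export traffic is an assumption, since the thread does not show the crypto configuration.

```cisco
! Added example, not from the original thread.
!
! Before (as posted in the question): export packets are generated by the
! router itself and, per the question, are not encrypted, so they never
! reach the collector through the IPSec tunnel.
!
!   flow exporter EXPORTER-1
!    destination 192.168.10.1
!    source Vlan1
!    transport udp 9996
!    template data timeout 60
!
! After: identical exporter with output-features enabled, so export packets
! are sent through the egress feature path (QoS and encryption) in the same
! way as transit traffic.
flow exporter EXPORTER-1
 destination 192.168.10.1
 source Vlan1
 transport udp 9996
 template data timeout 60
 output-features
!
! Assumption: the crypto ACL that selects traffic for the tunnel permits
! packets from the Vlan1 address to 192.168.10.1. If it does not, the export
! still will not be encrypted into the tunnel.
!
! Checks from exec mode:
!   show flow exporter EXPORTER-1             (look for "Output Features: Used")
!   show flow exporter EXPORTER-1 statistics
!   show crypto ipsec sa                      (encaps counters should rise
!                                              as export packets are sent)
```

The statistics in the question already showed "Successfully sent" while the collector received nothing, so that counter alone does not confirm delivery; confirm with the IPSec SA counters or a capture on the collector for UDP 9996.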