12-29-2005 10:19 AM - edited 02-21-2020 12:37 AM
How do you encrypt NetFlows through a VPN connection?
I've set the netflow destination to be on a network that is represented by interesting traffic. I've also set the source of the netflow to be on the local network (interesting). The source is Vlan1; not sure if that is a problem.
I can see the netflows being created and sent (sh ip flow export) but the destination is not receiving.
Any help or suggestions would be appreciated. Thank you.
01-01-2006 12:49 PM
Hi,
is the VPN working correctly? Check connectivity with an extended ping using your NetFlow IPs.
Is the traffic encrypted on the same box where NetFlow is running? Where is the VPN terminating? Where are packets dropped?
Martin
01-03-2006 08:11 AM
I confirmed that the VPN is working correctly with the extended ping. The traffic is being encrypted on the same box that is trying to send out the NetFlows. The VPN is terminating on a PIX515 and as far as I can see it is not being blocked. I also cannot see where the packets would be dropped.
01-03-2006 08:44 AM
Hi, can you provide more details like hardware, IOS version and a config excerpt?
Cheers
Martin
01-03-2006 09:11 AM
I have a Cisco 871 running 12.4(4)T. That is the remote vpn endpoint and it is also the device trying to send netflows. The other endpoint is a PIX515E (Restricted License) running ver 7.02(2).
SH RUN from 871 (excerpt)
crypto map vpnmap 5 ipsec-isakmp
 set peer xx.xx.xx.xx
 set transform-set vpnset
 match address meridentunnel
interface FastEthernet4
 ip address xx.xx.xx.xx xx.xx.xx.xx
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map vpnmap
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
ip flow-export source Vlan1
ip flow-export destination 192.168.100.7 2055
ip access-list extended meridentunnel
 permit ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
Is that enough for you?
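The check the poster describes by hand (is the export source on an "interesting" network, and is the collector address covered by the crypto ACL?) can be done mechanically against the excerpt above. This is an added example, not code from the thread or from Cisco; it assumes only the posted lines, re-typed below as constructed input, and uses IOS wildcard-mask semantics (first matching ACL entry wins, implicit deny at the end).

```python
import ipaddress
import re
# Constructed input: the relevant lines of the 871 excerpt above (peer left as placeholder).
CONFIG = """\
crypto map vpnmap 5 ipsec-isakmp
 set peer xx.xx.xx.xx
 match address meridentunnel
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
ip flow-export source Vlan1
ip flow-export destination 192.168.100.7 2055
ip access-list extended meridentunnel
 permit ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
"""

def wild_to_net(addr, wild):
    # IOS wildcard mask -> network (0.0.0.255 -> /24, 0.0.0.0 -> a /32 host entry)
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wild)))
    return ipaddress.IPv4Network((addr, str(mask)), strict=False)

def parse(config):
    # Collect interface IPs, the crypto map's ACL name, flow-export settings and ACL entries.
    ifaces, acls, export, cur_if, cur_acl, crypto_acl = {}, {}, {}, None, None, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur_if = m.group(1)
        elif m := re.match(r"\s+ip address (\S+) \S+", line):
            ifaces[cur_if] = ipaddress.IPv4Address(m.group(1))
        elif m := re.match(r"\s+match address (\S+)", line):
            crypto_acl = m.group(1)
        elif m := re.match(r"ip flow-export source (\S+)", line):
            export["src_if"] = m.group(1)
        elif m := re.match(r"ip flow-export destination (\S+) \d+", line):
            export["dst"] = ipaddress.IPv4Address(m.group(1))
        elif m := re.match(r"ip access-list extended (\S+)", line):
            cur_acl = m.group(1)
        elif m := re.match(r"\s+(permit|deny) ip (\S+) (\S+) (\S+) (\S+)", line):
            acls.setdefault(cur_acl, []).append((m.group(1),
                wild_to_net(m.group(2), m.group(3)), wild_to_net(m.group(4), m.group(5))))
    return ifaces, acls.get(crypto_acl, []), export

def export_matches_crypto_acl(config):
    # True if the export packets (source-interface IP -> collector) hit a permit in the crypto ACL
    ifaces, acl, export = parse(config)
    src, dst = ifaces[export["src_if"]], export["dst"]
    for action, snet, dnet in acl:  # first matching entry wins; implicit deny at the end
        if src in snet and dst in dnet:
            return action == "permit"
    return False
```

A permit result only shows that the crypto ACL selects the export packets for the tunnel; it says nothing about NAT on the same router or about filtering at the PIX end, which need to be checked separately.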
01-03-2006 09:58 AM
I believe that the part of the config that you posted looks reasonable. I do have one question: you are sending the net flow data to UDP port 2055 at address 192.168.100.7. Is this the correct address for the Net Flow collector and is the collector listening to this port for Net Flow data?
HTH
Rick
01-05-2006 05:44 AM
I just uninstalled and reinstalled the program I'm using to listen for NetFlows. Since reboots to that server can only be done at night it took a little while but now I'm sure that the listener is working correctly. And yes, the NetFlows are using UDP on port 2055 and are going to 192.168.100.7.