Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1046
Views
0
Helpful
2
Replies

Netflow on GETVPN encrypted WAN-links

HUBERT RESCH
Level 3
Level 3

‎02-16-2011 04:53 AM - edited ‎03-04-2019 11:26 AM

Hi following the order of operation in IOS,

as you can see Netflow ingress is taken before Decryption

and Netflow egress is taken after Encryption.

So we have the problem that Netflow-records which are exported (created on ingress or egress netflow on a encrypted link) we only get the information about the IP-addresses (because GET-VPN preserves the IP-header) but not about the L4-Protocols. Every traffic is shown a ESP, which is clear if we have a look onto the order of IOS operations.

Is there any (hidden) way to influence these oder of operations, se we would be able to get netflow-records with the correct L4-Ports ?

Thx

Hubert

order_of_operation.jpg

2 people had this problem
Labels:
0 Helpful
2 Replies 2

sean_evershed
Level 7
Level 7

‎02-16-2011 05:36 AM

Hi, Configuring flexible Netflow may help using the output-features command. See below

http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/cfg_de_fnflow_exprts.html

0 Helpful

HUBERT RESCH
Level 3
Level 3
In response to sean_evershed

‎02-16-2011 05:43 AM

Hi thats deninitifely not what solves our problem, the Netflow-records just show us ESP!

Hubert

0 Helpful
Customers Also Viewed These Support Documents