NTP & Netflow with DMVPN

bmccomb30 · ‎10-27-2010

We sucessfully implemented DMVPN in our environment with EIGRP. I have two issues that I think are related:

1) We want to use our internal NTP servers for the router

2) We want to send Netflows from the router to our internal Netflow Analyser server

It appears that this traffic is not going through the tunnel interface but straight to the Internet. I have tried setting the NTP source to be the LAN interface, Loopback0 interface, and the tunnel interface with no luck.

Can anyone advise me how to approach this issue?

kyukim · ‎10-27-2010

Hi.

1. NTP is just unicast packet. If it will be routed based on source and destination. So, NTP should go through tunnel if your routing from source to destination points tunnel.

you can run "deb ntp packet" or "deb ip packet xxx det" (xxx is number ACL specifying NTP source to destination) to confirm.

2. Netflow Export over IPSEC tunnel

You need to configure "flexible netflow", not normal netflow.

http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/12_4t/fnf_12_4t_book.html

KK

NTP & Netflow with DMVPN

NetFlow Support Matrix

Netflow v9

Implementing Network Time Protocol (NTP)

DMVPN routing issue

Re: Dynamic Multipoint VPN (DMVPN): Design and Positioning - Questions