03-19-2013 12:57 PM - edited 03-07-2019 12:21 PM
Hello All,
I have a SR520 just deployed at a remote site with Internet Access.
Working Environment:
Remote sites have SR520 with IPSEC VPN back to HQ and netflow v.5 works through the VPN back to our PRTG server.
Non-Working:
I cannot get Netflow data to our PRTG with this first SR520 implemented with Zone Base Security. I am not able to get my netflow traffic out. VPN is up and running. Internet is a dialer0 interface. I have a Kron job that does the copy run to tftp backup daily to the same PRTG server and it works fine.
Both my source interface and address on the TFTP command and the netflow commands are the same interfaces (VLAN75) and IP. The Destination ip is the same too (through the VPN tunnel).
Snipped:
flow exporter prtg
 destination x.x.x.x
 source Vlan75
 output-features
 transport udp 9996
 template data timeout 60
flow monitor default-export
 record netflow-original
 cache timeout active 60
ip flow-cache timeout active 1
ip flow-export source Vlan75
ip flow-export version 5
------------------------------------
sho flow interface
Interface Dialer0
FNF: monitor: default-export
direction: Output
traffic(ip): on
Interface Vlan75
FNF: monitor: default-export
direction: Input
traffic(ip): on
-----------------------------------
sho flow exporter
Flow Exporter prtg:
Description: User defined
Tranport Configuration:
Destination IP address: x.x.x.x (correct IP)
Source IP address: x.x.x.x (correct IP)
Source Interface: Vlan75
Transport Protocol: UDP
Destination Port: 9996
Source Port: 60313
DSCP: 0x0
TTL: 255
Output Features: Used
-----------------------------------------
sho flow monitor
Flow Monitor default-export:
Description: User defined
Flow Record: netflow-original
Cache:
Type: normal
Status: allocated
Size: 4096 entries / 311316 bytes
Inactive Timeout: 15 secs
Active Timeout: 60 secs
Update Timeout: 1800 secs
Any guidance?
Thanks in advance..
03-26-2013 01:49 PM
Update..
I have netflow going, but it keeps sending out V.9. even with the following:
ip flow-export source Vlan75
ip flow-export version 5
ip flow-export destination x.x.x.x 9996..
I created a flow monitor and an ip exporter and attached them to the interface.. when I check via wireshark, I only see version 9 coming in.
I want to only do V5 for now.
Regards,
KS
03-28-2013 10:57 AM
Try completely removing the flow exporter then configure NetFlow v5. If this doesn't work, verify with PRTG that the version you are running supports NetFlow v9.
There could be some NetFlow element in the V9 export that PRTG doesn't like. Use Flexible NetFlow to export a very generic NetFlow export that resembles v5.
Step 1:
flow record netflowv5
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match ipv4 tos
 match interface input
 collect interface output
 collect xxxxxxx
 collect xxxxxxx
etc. etc.
Other than the template architecture of v9, the export should resemble v5. I hope this helps.
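Added example, not part of the thread: a Python check that reads the version field of a NetFlow export datagram (the UDP payload seen in Wireshark on port 9996) and, for v9, lists the fields in each template so they can be compared with the v5-like record above. The function names and sample datagrams are constructed for illustration; field type numbers are taken from RFC 3954.

```python
import struct

# NetFlow v9 field type numbers (RFC 3954) for the keys in the record above.
V9_FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "TOS",
             7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
             11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP"}

def parse_v9_templates(payload: bytes) -> dict:
    """Return {template_id: [field names]} from template FlowSets (ID 0)."""
    templates, off = {}, 20                      # v9 header is 20 bytes
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack_from("!HH", payload, off)
        if fs_len < 4 or off + fs_len > len(payload):
            raise ValueError("malformed FlowSet length")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:
            tid, nfields = struct.unpack_from("!HH", payload, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:
                break                            # padding or truncated record
            fields = struct.unpack_from("!" + "HH" * nfields, payload, pos)
            templates[tid] = [V9_FIELDS.get(t, f"type_{t}") for t in fields[0::2]]
            pos += 4 * nfields
        off += fs_len
    return templates

def inspect_export(payload: bytes) -> dict:
    """Classify one NetFlow export datagram (the UDP payload) as v5 or v9."""
    if len(payload) < 4:
        raise ValueError("too short for a NetFlow header")
    version, count = struct.unpack_from("!HH", payload, 0)
    if version == 5:
        # v5: 24-byte header, then `count` fixed-layout 48-byte records
        return {"version": 5, "count": count,
                "length_ok": len(payload) == 24 + 48 * count}
    if version == 9:
        return {"version": 9, "count": count,
                "templates": parse_v9_templates(payload)}
    raise ValueError(f"unexpected NetFlow version {version}")

# Constructed sample datagrams (not captured traffic).
V5_SAMPLE = struct.pack("!HHIIIIBBH", 5, 1, 1000, 0, 0, 1, 0, 0, 0) + bytes(48)
_TEMPLATE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (5, 1),
             (10, 2), (14, 2), (1, 4), (2, 4)]
V9_SAMPLE = (struct.pack("!HHIIII", 9, 1, 1000, 0, 1, 0)
             + struct.pack("!HHHH", 0, 8 + 4 * len(_TEMPLATE), 256, len(_TEMPLATE))
             + b"".join(struct.pack("!HH", t, l) for t, l in _TEMPLATE))

if __name__ == "__main__":
    print(inspect_export(V5_SAMPLE))
    print(inspect_export(V9_SAMPLE))
```

A template field that shows up as `type_N` is one outside the v5-like set and is a candidate for what the collector rejects.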