Netflow and GetVPN

gerard.glynn · ‎12-19-2011

Hi,

Netflow was working perfectly,all the information was collected by a Fluke Netflow collecotr software

GetVPN was rolled out on the WAN a few months back.

Since then, we only see mostly ESP traffic in the Netflow graphs. We do not see the breakdown of Layer4 traffic anymore.

It appears that the Netflow traffic is only processed and collected before the GetVPN decryption at the border routers ??

Is there a way to influence the order of netflow processing in such a way to gather the traffic information after it has been decrypted at the GetVPN border routers.

I have flexible netflow enabled (with the output-feature) as follows on a border router. And its currently only enabled on the WAN interfaces (which are also GetVPN enabled). We are still mostly seeing ESP traffic. Is there a way to see the unencrypted traffic within the Netflow ??

Or is the only way to disable netflow on the WAN Interfaces and then enable it on the LAN interfaces instead (which are not GetVPN enabled) ?

I will attach some of the router config

Thanks

Ger

yaplej · ‎02-21-2012

I experianced the same thing as your describing and have not been able to figure out any alternative except to also collect netflow stats on the inside interfaces. Seems logical that if we want to collect netflow before encryption with flexible netflow then we would also want to collect statistics after decryption with flexible netflow.

If you were able to figure out how to make it work like you wanted please let me know.