Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
0
Helpful
1
Replies

Pass Through VPN Tunnel traffic creates invalid netflow export in ASA 5500 series

senthil12b
Level 1
Level 1

‎09-25-2014 08:47 AM

Hi,

I have a question about the Netflow functionality in Cisco ASA 5500 series.

The netflow traffic data is reported correct, if there is no VPN users connected to the network through ASA.

When VPN users connect to the Network through VPN , netflow export from ASA shows VPN traffic as multiple times the real value. This leads to incorrect spikes in traffic.

Please let me know if this is a known bug/limitation in ASA.

 

FYI,

Network setup is as below.

ISP connects to the ASA firewall. ASA to the VPN router. The tunnel ends at the router interface, so the VPN traffic is a 'pass through' traffic for ASA. Netflow export from the VPN router is perfect. Only ASA export shows spikes.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

network.support
Level 1
Level 1

‎09-26-2014 02:00 AM

To be clear, this is just VPN pass-through traffic over the ASA, there is no VPN router.

 

infrastructure looks like this:

Desktop user using software VPN client to customer > 6509-E switch > ASA > internet > customer VPN endpoint

 

Cisco TAC for this case is 632018113

 

Thanks,


Paul

0 Helpful
Customers Also Viewed These Support Documents