I had the following NetFlow configuration on my router:
ip flow-cache timeout active 1
ip flow-export source FastEthernet0/1.1
ip flow-export version 5
ip flow-export destination 10.39.30.5 9996
!
interface FastEthernet0/0.2
 ip flow ingress
interface FastEthernet0/1.12
 ip flow ingress
interface FastEthernet0/1.40
 ip flow ingress
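This worked fine on my other routers. But in this particular case, the NetFlow server was only accessible through an IPsec VPN, and the flows weren't getting there.
The solution was to use a "Flexible NetFlow" configuration. This allows the NetFlow export to be sent down the standard IPsec VPN tunnel. The "output-features" command in the flow exporter is what makes the difference: it tells the router to apply output features such as encryption to the export packets it generates itself.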
An example of the NetFlow config is as follows:
flow exporter FLOW_EXPORTER
 destination 10.39.30.5
 source FastEthernet0/1.1
 output-features
 transport udp 9996
 export-protocol netflow-v5
!
!
flow monitor FLOW_MONITOR
 record netflow-original
 exporter FLOW_EXPORTER
 ! Flexible NetFlow takes this timeout in seconds; the legacy "ip flow-cache timeout active" command takes minutes
 cache timeout active 1
!
interface FastEthernet0/0.2
 ip flow monitor FLOW_MONITOR input
!
interface FastEthernet0/1.12
 ip flow monitor FLOW_MONITOR input
!
interface FastEthernet0/1.40
 ip flow monitor FLOW_MONITOR input
!