[c-nsp] Transit ESP packets not shown in Netflow export
Bulgaria Online - Assen Totin
assen at online.bg
Thu Nov 24 13:13:51 EST 2005
Hi all,
I apologize if this question is asked only due to my lack of knowledge.
I’m running a 7200 with a NPE-G1, IOS Version 12.3(12). All interfaces
do a Netflow export using version 5 (all I’m interested in is ipSrc,
ipDst, tos & size).
A new customer in my network is using a Cisco 1841 to establish an
encrypted VPN to his head office (outside my network). My router only
routes the packets without participating in the VPN. All packets are
present in the “sh ip route-cache” output (with their public IPv4
addresses), but data about them is never exported via Netflow.
A TCP dump of the same traffic shows packets are ESP and bear protocol
number 50 inside, which is listed as “ipv6-crypt”.
Is there any additional configuration I have to make to have the info
about these packets exported? Does it have anything to do with the
fact that my router’s IOS supports encryption (a “jk9s-mz” image)?
Thanks in advance for your ideas/comments,
Assen Totin
Development Manager
===============================
BULGARIA ONLINE
Your quality... Your price!
===============================
tel. (+359 2) 973-3000 ext. 511
http://home.online.bg
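
An added example, not part of the original post: a collector-side check that decodes a NetFlow version 5 export datagram and totals octets per IP protocol, so the presence or absence of protocol 50 (ESP) records can be confirmed directly from the export stream. The function names and the sample datagram (documentation addresses, made-up counters) are constructed for illustration; the record layout is the standard v5 one.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
ESP = 50  # IP protocol number of the transit VPN packets described in the post

def parse_v5(datagram):
    """Return (ipSrc, ipDst, prot, tos, octets) for each flow in one v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header announces %d records" % count)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr, f[1]=dstaddr, f[6]=dOctets, f[13]=prot, f[14]=tos
        flows.append((socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[13], f[14], f[6]))
    return flows

def octets_by_protocol(flows):
    """Sum exported octets per IP protocol number."""
    totals = Counter()
    for _src, _dst, prot, _tos, octets in flows:
        totals[prot] += octets
    return totals

def build_sample():
    """Constructed datagram: one TCP flow and one ESP flow (not captured data)."""
    def rec(src, dst, prot, tos, octets, pkts):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                           1, 2, pkts, octets, 0, 0, 0, 0, 0, 0, prot, tos, 0, 0, 0, 0, 0)
    body = (rec("192.0.2.10", "198.51.100.7", 6, 0, 4200, 7)
            + rec("192.0.2.20", "203.0.113.5", ESP, 0, 15000, 12))
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    flows = parse_v5(build_sample())
    for flow in flows:
        print(flow)
    print("ESP octets exported:", octets_by_protocol(flows)[ESP])
```

Each UDP payload received on the collector's export port can be passed to `parse_v5` unchanged; a total of zero for protocol 50 over a period when the VPN is active shows the records are missing from the export itself rather than being dropped by the collector.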