[c-nsp] Transit ESP packets not shown in Netflow export

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Nov 25 03:27:56 EST 2005 

Hi Assen,

so you see the flows in "show ip cache flow" (the command you mentioned,
"show ip route-cache" does not exist), but the flows are not exported?
Did you wait long enough until the active timeout (30 mins by default)
fires and the flows are actually aged out and exported? Since there will
likely be constant traffic within the crypto tunnel, the flow will
likely never become "inactive", so Netflow will only export it every 30
minutes..

	oli

Bulgaria Online - Assen Totin <> wrote on Thursday, November 24, 2005
7:14 PM:

> Hi all,
> 
> I apologize if this question is asked only due to my lack of
> knowledge. 
> 
> I'm running a 7200 with a NPE-G1, IOS Version 12.3(12). All interfaces
> do a Netflow export using  version 5 (all I'm interested in is ipSrc,
> ipDst, tos & size).
> 
> A new customer in my network is using a Cisco 1841 to establish an
> encrypted VPN to his head  office (outside my network). My router only
> routes the packets without  participating to the VPN. All packets are
> present in the  "sh ip route-cache" output (with their public IPv4
> addresses), but data about  them is never exported via Netflow.
> 
> A TCP dump of the same traffic shows packets are ESP and bear protocol
> number 50  inside, which is listed as "ipv6-crypt".
> 
> Is there any additional configuration I have to make to have the info
> about these packets e xported? Does it have anything to do with the
> fact that my router's  IOS supports encryption (a "jk9s-mz" image)?
> 
> Thanks in advance for your ideas/comments,
> 
> Assen Totin
> Development Manager
> 
> ===============================
>         BULGARIA ONLINE
>   Your quality... Your price!
> ===============================
> tel. (+359 2) 973-3000 ext. 511
>      http://home.online.bg
> 
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list