As of IOS 12.4(20)T Cisco routers can send NetFlow data through an IPSec VPN tunnel. The flow exporter just needs to be configured with the output-features option. According to Configuring Data Export for Cisco IOS Flexible NetFlow with Flow Exporters this option “Enables sending export packets using QoS and encryption”.
For example:
flow exporter NFSVR
destination 10.1.1.1
source Vlan1
output-features
transport udp 9996
!
!
flow monitor flow-monitor
record netflow-original
exporter NFSVR
cache timeout active 1
However, although the output-features command appears to be available on earlier versions of IOS, it doesn’t seem to have been implemented. You can type the command without error, but it never makes it into the config. So, if you’re trying to get this working, and it’s not, I suggest checking your IOS version.
Post a Comment