Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Configuring for netflow

Hi, just purchased NPM with NTA so going through the config stage.

I have a network that has several 3G routers with dynamic IPs connected to our network via a DMVPN. I would like to have the netflow data sent from these routers via the WAN connection however it is only working via the VPN. Here is the config...

router#sh run
Building configuration...

Current configuration : 5808 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
memory-size iomem 10
!
crypto...

ip source-route
!
!
ip dhcp excluded-address 192.168.4.254
ip dhcp excluded-address 192.168.4.1 192.168.4.20
ip dhcp excluded-address 192.168.4.201 192.168.4.254
!
ip dhcp pool DHCP_LAN_POOL
   network 192.168.4.0 255.255.255.0
   default-router 192.168.4.254
   dns-server 192.168.0.1 192.168.10.2 139.130.4.4
!
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
chat-script internet "" "***** TIMEOUT 10 CONNECT
!
!
username admin privilege 15 password 7 *****
!
!
crypto...
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Tunnel0
ip address 172.16.0.4 255.255.0.0
no ip redirects
ip mtu 1416
ip flow ingress
ip flow egress
ip nhrp authentication corvit
ip nhrp map 172.16.0.1 *****
ip nhrp map multicast *****
ip nhrp map multicast *****
ip nhrp network-id 99
ip nhrp nhs 172.16.0.1
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key *****
tunnel protection ipsec profile dvpn
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0
no ip address
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer pool-member 2
dialer-group 2
async mode interactive
!
interface Vlan1
description --LAN Interface--
ip address 192.168.4.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
no ip address
!
interface Dialer1
ip address negotiated
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer idle-timeout 380
dialer string internet
dialer-group 2
no cdp enable
ppp authentication chap callin
ppp chap hostname dummy
ppp chap password 7 *****
ppp ipcp dns request
!
router eigrp 1
network 172.16.0.0
network 192.168.4.0
auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip flow-export source Vlan1
ip flow-export version 9
ip flow-export destination ***** 2055
ip flow-export destination 192.168.0.3 2055
!
ip nat inside source route-map *****_RMAP_1 interface Dialer1 overload
ip nat inside source route-map *****_RMAP_2 interface Dialer0 overload
!
access-list 100 remark *****_ACL Category=2
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 103 remark Allow PPTP
access-list 103 permit gre any any
access-list 103 permit ip any any
access-list 103 permit tcp any any eq 17233
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
snmp-server community public RO
snmp-server location *****
snmp-server contact *****
snmp-server chassis-id CiscoRouter
no cdp run

!
!
!
!
route-map ***** permit 1
match ip address 100
match interface Dialer1
!
route-map ***** permit 1
match ip address 100
match interface Dialer0
!
!
control-plane
!
banner exec ^CCCC

-----------------------------------------------------------------------

*****
-----------------------------------------------------------------------
^C
banner login ^CCC
-----------------------------------------------------------------------
No unauthorized access
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line 3
exec-timeout 0 0
script dialer internet
modem InOut
no exec
transport input all
line vty 0 4
access-class 23 in
privilege level 15
password 7 *****
login
transport input telnet ssh
!
no scheduler max-task-time
end

router#

Find more posts tagged with

Accepted answers

All comments

extrands

Why not create and use a loopback to source your exports?

mattjenkins

Its been a while since i have done a VPN tunnel but from the quick scan of the config, your sending all traffic down the tunnel.

You would need to setup split tunneling and send your netflow traffic directly out of your dialer/cellular interfaces and all other traffic down the VPN..

Hope this helps