2 Replies Latest reply on Sep 28, 2010 11:26 AM by mattjenkins

    Configuring for netflow

      Hi, just purchased NPM with NTA so going through the config stage.

      I have a network that has several 3G routers with dynamic IPs connected to our network via a DMVPN. I would like to have the netflow data sent from these routers via the WAN connection however it is only working via the VPN. Here is the config...

      router#sh run
      Building configuration...

      Current configuration : 5808 bytes
      !
      version 12.4
      no service pad
      service timestamps debug datetime msec
      service timestamps log datetime msec
      service password-encryption
      !
      hostname router
      !
      boot-start-marker
      boot-end-marker
      !
      logging message-counter syslog
      !
      no aaa new-model
      memory-size iomem 10
      !
      crypto...

      ip source-route
      !
      !
      ip dhcp excluded-address 192.168.4.254
      ip dhcp excluded-address 192.168.4.1 192.168.4.20
      ip dhcp excluded-address 192.168.4.201 192.168.4.254
      !
      ip dhcp pool DHCP_LAN_POOL
         network 192.168.4.0 255.255.255.0
         default-router 192.168.4.254
         dns-server 192.168.0.1 192.168.10.2 139.130.4.4
      !
      !
      ip cef
      !
      no ipv6 cef
      !
      multilink bundle-name authenticated
      chat-script internet "" "***** TIMEOUT 10 CONNECT
      !
      !
      username admin privilege 15 password 7 *****
      !
      !
      crypto...
      !
      !
      archive
       log config
        hidekeys
      !
      !
      !
      !
      !
      interface Tunnel0
       ip address 172.16.0.4 255.255.0.0
       no ip redirects
       ip mtu 1416
       ip flow ingress
       ip flow egress
       ip nhrp authentication corvit
       ip nhrp map 172.16.0.1 *****
       ip nhrp map multicast *****
       ip nhrp map multicast *****
       ip nhrp network-id 99
       ip nhrp nhs 172.16.0.1
       tunnel source Dialer1
       tunnel mode gre multipoint
       tunnel key *****
       tunnel protection ipsec profile dvpn
      !
      interface FastEthernet0
      !
      interface FastEthernet1
      !
      interface FastEthernet2
      !
      interface FastEthernet3
      !
      interface FastEthernet4
       no ip address
       shutdown
       duplex auto
       speed auto
      !
      interface Cellular0
       no ip address
       ip flow ingress
       ip nat outside
       ip virtual-reassembly
       encapsulation ppp
       dialer in-band
       dialer pool-member 2
       dialer-group 2
       async mode interactive
      !
      interface Vlan1
       description --LAN Interface--
       ip address 192.168.4.254 255.255.255.0
       ip nat inside
       ip virtual-reassembly
       ip tcp adjust-mss 1412
      !
      interface Dialer0
       no ip address
      !
      interface Dialer1
       ip address negotiated
       ip flow ingress
       ip flow egress
       ip nat outside
       ip virtual-reassembly
       encapsulation ppp
       dialer pool 2
       dialer idle-timeout 380
       dialer string internet
       dialer-group 2
       no cdp enable
       ppp authentication chap callin
       ppp chap hostname dummy
       ppp chap password 7 *****
       ppp ipcp dns request
      !
      router eigrp 1
       network 172.16.0.0
       network 192.168.4.0
       auto-summary
      !
      ip forward-protocol nd
      ip route 0.0.0.0 0.0.0.0 Dialer1
      no ip http server
      no ip http secure-server
      !
      ip flow-export source Vlan1
      ip flow-export version 9
      ip flow-export destination ***** 2055
      ip flow-export destination 192.168.0.3 2055
      !
      ip nat inside source route-map *****_RMAP_1 interface Dialer1 overload
      ip nat inside source route-map *****_RMAP_2 interface Dialer0 overload
      !
      access-list 100 remark *****_ACL Category=2
      access-list 100 permit ip 192.168.4.0 0.0.0.255 any
      access-list 103 remark Allow PPTP
      access-list 103 permit gre any any
      access-list 103 permit ip any any
      access-list 103 permit tcp any any eq 17233
      dialer-list 1 protocol ip permit
      dialer-list 2 protocol ip permit
      snmp-server community public RO
      snmp-server location *****
      snmp-server contact *****
      snmp-server chassis-id CiscoRouter
      no cdp run

      !
      !
      !
      !
      route-map ***** permit 1
       match ip address 100
       match interface Dialer1
      !
      route-map ***** permit 1
       match ip address 100
       match interface Dialer0
      !
      !
      control-plane
      !
      banner exec ^CCCC

      -----------------------------------------------------------------------

      *****
      -----------------------------------------------------------------------
      ^C
      banner login ^CCC
      -----------------------------------------------------------------------
      No unauthorized access
      -----------------------------------------------------------------------
      ^C
      !
      line con 0
       login local
       no modem enable
      line aux 0
      line 3
       exec-timeout 0 0
       script dialer internet
       modem InOut
       no exec
       transport input all
      line vty 0 4
       access-class 23 in
       privilege level 15
       password 7 *****
       login
       transport input telnet ssh
      !
      no scheduler max-task-time
      end

      router#