Hello,
This is not a problem directly related to flow-tools itself, but to
Netflow exports from a Cisco router.
How can I encrypt the exported UDP datagrams using IPSec?
The idea is simple: configure an IPSec tunnel between the Cisco router
and the Linux box that runs 'flow-capture'. I successfully established
this tunnel. Just for testing, I configured a Syslog server ("logging
10.222.1.67"). The syslog UDP datagrams are encrypted correctly. ICMP
echos and echo-replies from the router to the Netflow-server or vice
versa are also encrypted.
However, the Cisco router does not encrypt the Netflow datagrams. This
clearly is a Cisco IOS bug for me.
Does one of you have a solution for how to encrypt the exported Netflow data?
Below is the Cisco configuration.
---
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key linux address 10.222.1.67
crypto ipsec transform-set linux esp-3des esp-md5-hmac
crypto map linux 10 ipsec-isakmp
 set peer 10.222.1.67
 set security-association lifetime seconds 28800
 set transform-set linux
 set pfs group2
 match address EncryptMe
ip access-list extended EncryptMe
 permit ip host 10.222.1.40 host 10.222.1.67
interface FastEthernet0
 ip address 10.222.1.30 255.255.252.0
 ip flow ingress
 crypto map linux
ip flow-export version 5
ip flow-export destination 10.222.1.67 9003
---
I've found out that the Cisco correctly encrypts the exported data when using
SCTP instead of UDP as the transport protocol. However, flow-capture
does not support SCTP yet. Is there a way to make flow-capture accept
SCTP, maybe with a wrapper around it?
Cheers,
Johannes
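One way to build the wrapper asked about above, as an added example that is not part of the original post or of flow-tools: a small Python relay that accepts the router's SCTP export messages, checks that each one is a well-formed NetFlow v5 datagram, and forwards it unchanged over UDP to a flow-capture listening on the loopback interface. The ports 9003/9004, the loopback destination and the SCTP-capable Linux kernel are assumptions; flow-capture then sees 127.0.0.1 as the exporter, so its remote-IP filter has to be set accordingly.

```python
import socket
import struct

# NetFlow v5 export header (24 bytes): version, count, sysuptime, unix_secs,
# unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval; it is
# followed by `count` fixed-size 48-byte flow records, at most 30 per datagram.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48
V5_MAX_RECORDS = 30

def parse_v5_header(datagram):
    """Return (count, flow_sequence) if `datagram` is a well-formed v5 export, else None."""
    if len(datagram) < V5_HEADER.size:
        return None
    version, count, _, _, _, flow_seq, _, _, _ = V5_HEADER.unpack_from(datagram)
    if version != 5 or not 1 <= count <= V5_MAX_RECORDS:
        return None
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        return None  # truncated or padded message: do not hand it to flow-capture
    return count, flow_seq

def build_v5_datagram(count, flow_seq):
    """Constructed sample input: a v5 header plus `count` zero-filled records."""
    return V5_HEADER.pack(5, count, 0, 0, 0, flow_seq, 0, 0, 0) + bytes(count * V5_RECORD_LEN)

def relay(sctp_bind=("0.0.0.0", 9003), udp_dest=("127.0.0.1", 9004)):
    """Forward each well-formed v5 export received over SCTP to flow-capture over UDP.
    Needs SCTP support in the Linux kernel; addresses and ports are placeholders."""
    # One-to-many ("UDP-style") SCTP socket: after listen(), messages from every
    # association are read with recvfrom(); no accept() is needed.
    sctp = socket.socket(socket.AF_INET, socket.SOCK_SEQPACKET, socket.IPPROTO_SCTP)
    sctp.bind(sctp_bind)
    sctp.listen(16)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    expected_seq = None
    while True:
        data, peer = sctp.recvfrom(65535)
        parsed = parse_v5_header(data)
        if parsed is None:
            print(f"dropping {len(data)}-byte message from {peer}: not a NetFlow v5 export")
            continue
        count, flow_seq = parsed
        # flow_sequence counts flows seen so far, so the next header should carry flow_seq + count
        if expected_seq is not None and flow_seq != expected_seq:
            print(f"flow_sequence gap from {peer}: expected {expected_seq}, got {flow_seq}")
        expected_seq = flow_seq + count
        udp.sendto(data, udp_dest)  # forwarded byte-for-byte; flow-capture sees 127.0.0.1 as exporter

if __name__ == "__main__":
    relay()
```

Start flow-capture on the loopback port first (e.g. `flow-capture -w /var/flows 127.0.0.1/127.0.0.1/9004`), then run the relay; the router keeps `ip flow-export destination 10.222.1.67 9003` with SCTP as the transport.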
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools