Haven't done IPSec from a Cisco device before so I can't really help. But if it's a 6500, I know the NetFlow gets exported from the MSFC and the Supervisor separately and maybe you don't have both encrypted.

I hope you can get it going, but if not you could connect a (cheap) host locally and have it relay the packets via IPSec. Actually, what I've had to do is run periodic 'scp' copies from a local collector back to my main collector when this level of security was required.

Joe

"Johannes Herlitz" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/04/2008 08:03 AM
To: <[email protected]>
cc:
Subject: [Flow-tools] Encrypt netflow exports using IPSec?

Hello,

This is not a problem directly related to flow-tools itself, but to NetFlow exports from a Cisco router. How can I encrypt the exported UDP datagrams using IPSec?

The idea is simple: configure an IPSec tunnel between the Cisco router and the Linux box that runs 'flow-capture'. I successfully established this tunnel. Just for testing, I configured a Syslog server ("logging 10.222.1.67"). The syslog UDP datagrams are encrypted correctly. ICMP echos and echo-replies from the router to the NetFlow server or vice versa are also encrypted. However, the Cisco router does not encrypt the NetFlow datagrams. This clearly is a Cisco IOS bug for me.

Does one of you have a solution for how to encrypt the exported NetFlow data? Below is the Cisco configuration.

---
! Phase 1 (ISAKMP) policy and pre-shared key for the collector
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key linux address 10.222.1.67
!
! Phase 2 transform set
crypto ipsec transform-set linux esp-3des esp-md5-hmac
!
! Crypto map: traffic matching EncryptMe goes to the collector through the tunnel
crypto map linux 10 ipsec-isakmp
 set peer 10.222.1.67
 set security-association lifetime seconds 28800
 set transform-set linux
 set pfs group2
 match address EncryptMe
!
ip access-list extended EncryptMe
 permit ip host 10.222.1.40 host 10.222.1.67
!
! Crypto map applied to the interface that also does flow accounting
interface FastEthernet0
 ip address 10.222.1.30 255.255.252.0
 ip flow ingress
 crypto map linux
!
! NetFlow v5 export over UDP to flow-capture on the collector
ip flow-export version 5
ip flow-export destination 10.222.1.67 9003
---

I've found out the Cisco correctly encrypts the exported data when using SCTP instead of UDP as the transport protocol. However, flow-capture does not support SCTP yet.

Is there a way to make flow-capture accept SCTP, maybe with a wrapper around?

Cheers,
Johannes

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
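The SCTP wrapper asked about above, as an added example that is not part of the thread or of flow-tools: a small Python relay that accepts NetFlow over SCTP (the transport the router does encrypt) and re-emits each export over loopback UDP to flow-capture, checking the NetFlow v5 header first so that only well-formed exports are handed on. It assumes Linux kernel SCTP support, that the router sends one export per SCTP message in the same version 5 layout it uses over UDP, and that flow-capture listens on 127.0.0.1:9004; the function names and ports are mine.

```python
import socket
import struct

# NetFlow v5 layout: 24-byte header, then 48-byte flow records (at most 30 per export).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48
V5_MAX_RECORDS = 30


def validate_v5(datagram: bytes):
    """Return (count, sysuptime_ms, unix_secs) for a well-formed NetFlow v5 export, else None.

    Only exports whose version, record count and total length agree are relayed, so
    junk arriving on the SCTP port is dropped instead of being passed on as flow data.
    """
    if len(datagram) < V5_HEADER.size:
        return None
    version, count, uptime, secs, _nsecs, _seq, _etype, _eid, _sampling = V5_HEADER.unpack_from(datagram)
    if version != 5 or not 1 <= count <= V5_MAX_RECORDS:
        return None
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        return None
    return count, uptime, secs


def build_v5(count: int, uptime: int = 1000, secs: int = 1212566580, seq: int = 0) -> bytes:
    """Constructed v5 export with zeroed flow records, used to exercise the validator offline."""
    return V5_HEADER.pack(5, count, uptime, secs, 0, seq, 0, 0, 0) + b"\x00" * (V5_RECORD_LEN * count)


def relay_forever(listen_port: int = 9003, forward: tuple = ("127.0.0.1", 9004)) -> None:
    """Accept NetFlow over SCTP and resend each valid export over loopback UDP to flow-capture.

    Assumes a one-to-many (SOCK_SEQPACKET) SCTP socket as provided by Linux lksctp: after
    listen(), each recvfrom() returns one complete message from any router association.
    """
    sctp = socket.socket(socket.AF_INET, socket.SOCK_SEQPACKET, getattr(socket, "IPPROTO_SCTP", 132))
    sctp.bind(("0.0.0.0", listen_port))
    sctp.listen(8)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        msg, peer = sctp.recvfrom(65535)
        if validate_v5(msg) is None:
            print(f"dropped {len(msg)}-byte message from {peer[0]}: not a NetFlow v5 export")
            continue
        udp.sendto(msg, forward)  # flow-capture receives the export unchanged on loopback


if __name__ == "__main__":
    relay_forever()
```

Because the relay is the UDP sender, flow-capture should be told to accept exports from loopback, e.g. `flow-capture -w /var/flows 127.0.0.1/127.0.0.1/9004`, and the IPsec tunnel only needs to carry the SCTP association between router and collector.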
