Netflow via IPSec using Filter

Hi,
I have a router which is connected via an IPSec tunnel towards our network.
For that reason I have to use the "output-features" of flexible network. Otherwise the Netflow packets are unencrypted and they won't reach the collector.

flow exporter FlowExporter1
 destination 10.66.66.1
 source FastEthernet0
 output-features
 transport udp 9996
!
flow monitor FlowMonitor1
 record netflow ipv4 original-output
 exporter FlowExporter1
 cache timeout active 60

Furthermore, I want to filter the traffic reported to the collector. Usually I do this with a Policy-Map. But in this case I have to use the normal netflow export function, which doesn't offer the output feature.

flow-sampler-map FLOW-FILTER
 mode random one-out-of 1

class-map match-all C-FL-FILTER
 match access-group name FL_FILTER

ip access-list extended FL_FILTER
 deny   ip host 1.1.1.120 any
 deny   ip any host 1.1.1.120
 permit ip any any

policy-map P-FL-FILTER
 class C-FL-FILTER
   netflow-sampler FLOW-FILTER

ip flow-export version 9
ip flow-export interface-names
ip flow-export destination 10.66.66.1 9996

Has anyone an idea how to combine both?

