Improve company productivity with a Business Account.Sign Up

x
?
Solved

ASA filtering traffic through VPN

Posted on 2009-04-03
3
Medium Priority
?
232 Views
Last Modified: 2012-05-06
Have any of you come across instances of an ASA grabbing sflow data coming across VPNs and blocking it/doing funny things to it?

I am trying to get data from one of my site offices off an HP Switch there and it just isnt coming through to my monitoring server. The Cryptos are all IP ANY ANY in both directions, so there is no reason why it should be stopped.

I can get all the SNMP data from the switch and the ASA fine, it is just the Sflow  which I am not getting.

Anyone??
0
Comment
Question by:fahim
3 Comments
 
LVL 7

Expert Comment

by:egyptco
ID: 24062916
do you have "sysopt connection permit-ipsec" in your asa config?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 800 total points
ID: 24067060
What port are you exporting the sflow on? If that port matches a well known service that the inspects look at then yes, the asa could be doing funny things with it
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 1200 total points
ID: 24083571


sflow is normally exported on tcp/udp port 6343, what traffic are you allowing via the VPN? Can you provide
the ACL used to match the traffic to be encrypted?

harbor235 ;}
0

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Have a Cisco router that you forgot the password or maybe you bought a used router that is locked with a password? This article will guide you through the steps on how to recover the password on your Cisco gear.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question