• Status: Solved

ASA filtering traffic through VPN

Have any of you come across instances of an ASA grabbing sflow data coming across VPNs and blocking it/doing funny things to it?

I am trying to get data from one of my site offices off an HP Switch there and it just isn't coming through to my monitoring server. The Cryptos are all IP ANY ANY in both directions, so there is no reason why it should be stopped.

I can get all the SNMP data from the switch and the ASA fine, it is just the sFlow which I am not getting.

Anyone??
fahim
egyptco Commented:
Do you have "sysopt connection permit-ipsec" in your ASA config?
lrmoore Commented:
What port are you exporting the sFlow on? If that port matches a well-known service that the inspects look at, then yes, the ASA could be doing funny things with it.
harbor235 Commented:

sFlow is normally exported on TCP/UDP port 6343. What traffic are you allowing via the VPN? Can you provide the ACL used to match the traffic to be encrypted?

harbor235 ;}
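A collector-side check, added here as an example and not posted by anyone in this thread: it decodes the sFlow version 5 datagram header from UDP payloads received on port 6343 and reports sequence gaps or an agent address that differs from the UDP source, which helps tell "nothing arrives" apart from "datagrams arrive altered or incomplete". The addresses, the helper `make_datagram` and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

SFLOW_PORT = 6343  # export port named in the thread

def parse_sflow_header(data: bytes) -> dict:
    """Decode the fixed header of an sFlow version 5 datagram."""
    if len(data) < 8:
        raise ValueError("too short for an sFlow header")
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    end = 8 + addr_len
    if len(data) < end + 16:
        raise ValueError("truncated sFlow header")
    agent = ipaddress.ip_address(data[8:end])
    sub_agent, seq, uptime_ms, samples = struct.unpack_from("!IIII", data, end)
    return {"agent": str(agent), "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": samples}

def review(packets):
    """packets: iterable of (udp_source_ip, payload). Returns findings."""
    findings, last_seq = [], {}
    for src, payload in packets:
        try:
            hdr = parse_sflow_header(payload)
        except ValueError as exc:
            findings.append(f"{src}: not sFlow v5 ({exc})")
            continue
        if hdr["agent"] != src:  # NAT on the path or a different source interface
            findings.append(f"{src}: agent field says {hdr['agent']}")
        key = (hdr["agent"], hdr["sub_agent"])
        prev = last_seq.get(key)
        if prev is not None and hdr["sequence"] != prev + 1:
            lost = hdr["sequence"] - prev - 1
            findings.append(f"{src}: sequence {prev} -> {hdr['sequence']}, "
                            f"{lost} datagrams missing")
        last_seq[key] = hdr["sequence"]
    return findings

def make_datagram(agent_ip: str, seq: int) -> bytes:
    """Constructed sample: IPv4 agent, sub-agent 0, no samples."""
    packed = ipaddress.ip_address(agent_ip).packed
    return struct.pack("!II4sIIII", 5, 1, packed, 0, seq, 1000 * seq, 0)

# Constructed capture: (UDP source address, UDP payload)
SAMPLE = [("10.20.0.2", make_datagram("10.20.0.2", 1)),
          ("10.20.0.2", make_datagram("10.20.0.2", 2)),
          ("10.20.0.2", make_datagram("10.20.0.2", 5)),
          ("192.0.2.10", make_datagram("10.20.0.3", 1)),
          ("10.20.0.2", b"\x00\x01")]
```

Feed `review` the payloads read from a UDP socket bound to `SFLOW_PORT` on the monitoring server, or extracted from a packet capture taken there.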
