Solved

ASA filtering traffic through VPN

Posted on 2009-04-03
3
222 Views
Last Modified: 2012-05-06
Have any of you come across instances of an ASA grabbing sflow data coming across VPNs and blocking it/doing funny things to it?

I am trying to get data from one of my site offices off an HP Switch there and it just isnt coming through to my monitoring server. The Cryptos are all IP ANY ANY in both directions, so there is no reason why it should be stopped.

I can get all the SNMP data from the switch and the ASA fine, it is just the Sflow  which I am not getting.

Anyone??
0
Comment
Question by:fahim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 7

Expert Comment

by:egyptco
ID: 24062916
do you have "sysopt connection permit-ipsec" in your asa config?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 24067060
What port are you exporting the sflow on? If that port matches a well known service that the inspects look at then yes, the asa could be doing funny things with it
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 300 total points
ID: 24083571


sflow is normally exported on tcp/udp port 6343, what traffic are you allowing via the VPN? Can you provide
the ACL used to match the traffic to be encrypted?

harbor235 ;}
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question