ASA filtering traffic through VPN

Have any of you come across instances of an ASA grabbing sflow data coming across VPNs and blocking it/doing funny things to it?

I am trying to get data from one of my site offices off an HP Switch there and it just isnt coming through to my monitoring server. The Cryptos are all IP ANY ANY in both directions, so there is no reason why it should be stopped.

I can get all the SNMP data from the switch and the ASA fine, it is just the Sflow  which I am not getting.

Anyone??
fahimAsked:
Who is Participating?
 
harbor235Commented:


sflow is normally exported on tcp/udp port 6343, what traffic are you allowing via the VPN? Can you provide
the ACL used to match the traffic to be encrypted?

harbor235 ;}
0
 
egyptcoCommented:
do you have "sysopt connection permit-ipsec" in your asa config?
0
 
lrmooreCommented:
What port are you exporting the sflow on? If that port matches a well known service that the inspects look at then yes, the asa could be doing funny things with it
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.