Help sending flows to an IPsec destination
-
I have a branch office running a Netgate 7541. Default route over IPsec back to HQ. I want to capture flows and send them back to our Orion server at HQ. I've tried both softflowd and pfflowd with the same results. I do this at some of our other locations with an ASA 5505… so it shouldn't be impossible.
Thanks!
-
You'll have to nudge the firewall to send the flows from a source of the LAN IP or similar, usually with a static route.
-
I tried a static route without success. Will attach some screenshots. The source ping works fine.
Flow is below:
172.20.10.254 |pfsense| public IP <ipsec> internet <ipsec> |Corporate ASA| 172.20.1.1 <> 172.20.1.68 (Netflow Receiver)
-
also tried setting the static route to 0.0.0.0/1 … flows still not making it. I also did a pcap to confirm they are not making it. I feel like I'm missing something simple...... :-\
EDIT: BAH. Never mind. pfflowd works with the static route in place. I absolutely could not get softflowd to work over IPsec. I'm happy.
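To make the source-address point from the replies concrete, here is an added Python model of why the static route matters; it is not code from this thread, from pfSense, or from softflowd/pfflowd. It assumes a placeholder public WAN address of 203.0.113.10, an IPsec phase 2 of 172.20.10.0/24 <> 172.20.1.0/24 matching the diagram, and reduces pfSense's "gateway on LAN" object to "the route leaves via the LAN interface". The rule being modelled: FreeBSD sources a locally generated packet (a flow export) from the address of the interface the route lookup picks, and IPsec only claims packets whose source/destination fall inside a phase 2 selector.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing following the thread's diagram. The WAN address is an
# assumed documentation-range placeholder for the branch's real public IP.
INTERFACE_ADDRS = {
    "lan": ipaddress.ip_address("172.20.10.254"),
    "wan": ipaddress.ip_address("203.0.113.10"),
}

# Assumed IPsec phase 2 traffic selectors: branch LAN <-> HQ LAN.
PHASE2_SELECTORS = [
    (ipaddress.ip_network("172.20.10.0/24"), ipaddress.ip_network("172.20.1.0/24")),
]


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str  # interface the route leaves by (pfSense: the gateway's interface)


# Routing table "before": only a default route out the WAN.
DEFAULT_ONLY = [Route(ipaddress.ip_network("0.0.0.0/0"), "wan")]

# Routing table "after": the static route the reply suggests, pointing the HQ
# subnet at a gateway on the LAN interface.
WITH_STATIC_ROUTE = DEFAULT_ONLY + [Route(ipaddress.ip_network("172.20.1.0/24"), "lan")]


def longest_match(routes, dst):
    """Longest-prefix match, the way the kernel chooses the outgoing route."""
    candidates = [r for r in routes if dst in r.prefix]
    if not candidates:
        raise ValueError(f"no route to {dst}")
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def source_address(routes, dst):
    """Source of a locally generated packet: the chosen route's interface address.

    This is the behaviour the thread relies on; an exporter such as pfflowd does
    not bind a source itself, so the route lookup decides which IP it uses.
    """
    return INTERFACE_ADDRS[longest_match(routes, dst).interface]


def leaves_via_ipsec(src, dst):
    """IPsec only takes a packet whose (src, dst) lies inside a phase 2 selector."""
    return any(src in local and dst in remote for local, remote in PHASE2_SELECTORS)


def export_path(routes, collector):
    """Return (source address, 'ipsec' | 'cleartext') for flow export to collector.

    'cleartext' means the packet missed the tunnel policy and would leave the WAN
    unencrypted (or be dropped by the firewall), which is what a pcap on the
    collector side shows as "flows never arrive".
    """
    dst = ipaddress.ip_address(collector)
    src = source_address(routes, dst)
    return str(src), "ipsec" if leaves_via_ipsec(src, dst) else "cleartext"


if __name__ == "__main__":
    for name, table in (("default route only", DEFAULT_ONLY),
                        ("static route via LAN", WITH_STATIC_ROUTE)):
        print(f"{name}: (source, path) = {export_path(table, '172.20.1.68')}")
```

With only the default route the export is sourced from the public IP, which is outside the phase 2 local selector, so it never enters the tunnel; with the static route through a LAN gateway the same export is sourced from 172.20.10.254 and matches the policy. Traffic to anything outside 172.20.1.0/24 still follows the default route unchanged.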