We installed Flexible NetFlow V9 on our router(Cisco 877 with recent IOS) which is running VPN IPsec. We inputted the important configuration that would export the traffic which was monitored to the PRTG. When we view the cache flow in the router, data is populated in the Source IP,Destination IP, Source Port, Destination Port, Protocol and Bytes columns. We installed the NetFlow V9 sensor on our PRTG server and inputted the configuration settings that would connect the router and the PRTG. When we view the toplist option for the sensor, it shows data in the Source IP, Destination IP and the Bytes columns but all zeros value is populated for the Source Port, Destination Port, Protocol .These zero value did not show in the cache in the router( i.e. the router is showing the actual associated ports for the traffic and the protocol). A screenshot of the result is shown below for the PRTG toplist .

We have tried resetting the router several times but get the same results. What would be your recommended router configuration and your recommended PRTG settings.? Do you know if there is any Known Issues with regards to only 0s showing up for the port and protocol columns.

Article Comments

Hello,

PRTG uses what-ever data it gets via Netflow packets. So PRTG does of course not replace the Port- and protocol-numbers with 0s, these are already that way in the Netflow Packets.

I'm afraid we only have the following configuration tips for Cisco devices: https://kb.paessler.com/knowledgebase/en/topic/563-do-you-have-any-configuration-tips-for-cisco-routers-and-prtg

best regards.


Oct, 2012 - Permalink

If it use the same value in the router cache why does it give zero values in the PRTG?? Does some kind of encryption happen to the data over VPN IPsec so that the PRTG cant interpret the data accurate???


Nov, 2012 - Permalink

There is no encryption or decryption going on in PRTG. PRTG will write what ever port numbers are mentioned in the netflow packets. So the 0-port numbers are already in the Netflow Packets, or it is traffic that has no ports (like for example a Ping does not target a port). So this is an issue outside of PRTG (either router configuration, or it's the traffic itself).


Nov, 2012 - Permalink