topic ASA 5510(8.46)-NetFlow in Network Security

ASA 5510(8.46)-NetFlow

Anukalp S — Tue, 12 Mar 2019 02:07:50 GMT

I have recently upgraded our ASA to version 8.4(6) but after upgradation i have noticed that Netflow stats are not showing in our tool. I have rediscovered device in tool but still problem persist. I dont know whether issue is with config. ASA config was converted after reload from previous 8.2 version.

Below is config after upgradation OS.

============================================

access-list flow_export_acl extended permit ip host 10.110.151.11 host 10.110.151.51

flow-export destination inside 10.110.151.11 9996

flow-export template timeout-rate 1

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect skinny

inspect icmp

class class-default

flow-export event-type all destination 10.110.151.11

ASA 5510(8.46)-NetFlow

smetieh001 — Fri, 05 Jul 2013 20:02:33 GMT

Hi Anukalp,

I do not see any match statement in your class map. You should match the access-list "flow_export_acl you created.

Can you post the config proir to upgrade?

ASA 5510(8.46)-NetFlow

Anukalp S — Fri, 05 Jul 2013 20:17:58 GMT

Hi..

Before upgradation config was below..

=========================================

snmp-server host inside 10.110.151.11 community *****

flow-export destination inside 10.110.151.11 9996

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect skinny

inspect icmp

class class-default

flow-export event-type all destination 10.110.151.11

ASA 5510(8.46)-NetFlow

jakewilson — Sat, 06 Jul 2013 11:52:29 GMT

Hello Anukalp,

Cisco jumped around a bit in the different firmware releases on how the NSEL is exported. It is best explained in this post on Cisco ASA NetFlow : Bidirectional Support Added. I hope this helps, please vote on my reply if it does.

Jake

ASA 5510(8.46)-NetFlow

Anukalp S — Sun, 07 Jul 2013 10:28:14 GMT

Can you tell me pls how could how could i enable bidirectional support.

Also if netflow in ASA ver 8.4(6) is unidirectional then would it not work.

Re: ASA 5510(8.46)-NetFlow

Julio Carvajal — Sun, 07 Jul 2013 16:50:17 GMT

Hello Anukalp.

Exactly, on that version you could only use unidirectional,

How to enable it? I am not 100% sure but I think is the only method it supports so it will be on by default,

There is no command for it on the command reference so it's just the mode you have on this version

Regards

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

ASA 5510(8.46)-NetFlow

Anukalp S — Mon, 08 Jul 2013 07:11:47 GMT

Hi jcarvaja,

I have nothing to do with unidirectional or bidirectional. My issue is that NetFlow collector is showing traffic of ASA. It was working fine on version 8.2(5). After upgradation it to 8.4(6) my netflow collector stops displaying data. I have mentioned config above of netflow in ASA of both version 8.2(5) & 8.4(6).

I just need to know if there is any changes in 8.4(6) which need to configure so that my netflow collector start displaying traffic.

ASA 5510(8.46)-NetFlow

Julio Carvajal — Mon, 08 Jul 2013 16:24:33 GMT

Hello Anukalp.

This is what you asked:

Can you tell me pls how could how could i enable bidirectional support.

Also if netflow in ASA ver 8.4(6) is unidirectional then would it not work.

That is all related to bidirectional, unidirectional flow

Can you share the following:

show run class class-default

show service-policy

clear flow-export counters

show flow-export counters

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

ASA 5510(8.46)-NetFlow

jakewilson — Thu, 11 Jul 2013 13:33:39 GMT

Consider downloading the Cisco ASA Guide to NetFlow Security Event Logging and Cyber Threat Detection. It should help.