07-05-2013 12:30 PM - edited 03-11-2019 07:07 PM
I have recently upgraded our ASA to version 8.4(6) but after upgradation i have noticed that Netflow stats are not showing in our tool. I have rediscovered device in tool but still problem persist. I dont know whether issue is with config. ASA config was converted after reload from previous 8.2 version.
Below is config after upgradation OS.
============================================
access-list flow_export_acl extended permit ip host 10.110.151.11 host 10.110.151.51
flow-export destination inside 10.110.151.11 9996
flow-export template timeout-rate 1
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect skinny
inspect icmp
class class-default
flow-export event-type all destination 10.110.151.11
Solved! Go to Solution.
07-06-2013 04:52 AM
Hello Anukalp,
Cisco jumped around a bit in the different firmware releases on how the NSEL is exported. It is best explained in this post on Cisco ASA NetFlow : Bidirectional Support Added. I hope this helps, please vote on my reply if it does.
Jake
07-05-2013 01:02 PM
Hi Anukalp,
I do not see any match statement in your class map. You should match the access-list "flow_export_acl you created.
Can you post the config proir to upgrade?
07-05-2013 01:17 PM
Hi..
Before upgradation config was below..
=========================================
snmp-server host inside 10.110.151.11 community *****
flow-export destination inside 10.110.151.11 9996
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect skinny
inspect icmp
class class-default
flow-export event-type all destination 10.110.151.11
07-06-2013 04:52 AM
Hello Anukalp,
Cisco jumped around a bit in the different firmware releases on how the NSEL is exported. It is best explained in this post on Cisco ASA NetFlow : Bidirectional Support Added. I hope this helps, please vote on my reply if it does.
Jake
07-07-2013 03:28 AM
Can you tell me pls how could how could i enable bidirectional support.
Also if netflow in ASA ver 8.4(6) is unidirectional then would it not work.
07-07-2013 09:50 AM
Hello Anukalp.
Exactly, on that version you could only use unidirectional,
How to enable it? I am not 100% sure but I think is the only method it supports so it will be on by default,
There is no command for it on the command reference so it's just the mode you have on this version
Regards
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
07-08-2013 12:11 AM
Hi jcarvaja,
I have nothing to do with unidirectional or bidirectional. My issue is that NetFlow collector is showing traffic of ASA. It was working fine on version 8.2(5). After upgradation it to 8.4(6) my netflow collector stops displaying data. I have mentioned config above of netflow in ASA of both version 8.2(5) & 8.4(6).
I just need to know if there is any changes in 8.4(6) which need to configure so that my netflow collector start displaying traffic.
07-08-2013 09:24 AM
Hello Anukalp.
This is what you asked:
Can you tell me pls how could how could i enable bidirectional support.
Also if netflow in ASA ver 8.4(6) is unidirectional then would it not work.
That is all related to bidirectional, unidirectional flow
Can you share the following:
show run class class-default
show service-policy
clear flow-export counters
show flow-export counters
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
07-11-2013 06:33 AM
Consider downloading the Cisco ASA Guide to NetFlow Security Event Logging and Cyber Threat Detection. It should help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide