ASA 8.2(5) enable Netflow

Hi,

Running ASA 8.2(5) with ASDM 6.4(5).

When I try to enable NetFlow on my <default inspection traffic> policy, which is global, I get a message saying "only inspect rule actions can be specified for the default inspection traffic". As NetFlow can only be applied as a global service policy, I have to use NetFlow on a global policy, but how do I use my traffic inspection policy then?

Create multiple service policies that I apply to each interface, or?

According to https://supportforums.cisco.com/docs/DOC-6114 it looks as if I can have both at the same time, or in the same global policy?

Regards

Robert

4 REPLIES
Cisco Employee

Just configure a new class-map, with ACL permit ip any any, and apply that class map to the global policy-map.

Hmm, it seems I can't create a new class-map with ASDM? I have no option to do that.

Looking at:

https://supportforums.cisco.com/docs/DOC-6113

It says:

"Most users will have a global inspection policy so we can just leverage that. It should be noted that we can't use class-default here because we won't generate NetFlow data for anything that is subject to inspection."

Is that not what my original message from ASDM is basically saying?

Robert

Accepted Solution

Yes, you can't edit the existing "inspection_default" class within the policy map.

You can add a new "class-map" within the global policy map for the Netflow configuration.

On ASDM, when you are on the "Configuration > Firewall > Service Policy Rules" page, click on Add --> Insert --> choose Global, then click Next --> then click on "Source and Destination IP Address (uses ACL)" then click Next --> Source and Destination both "Any", click Next --> Go to Netflow tab and configure it accordingly.
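
The CLI equivalent of the ASDM steps above, as an added example that is not part of the original reply. The ACL name, class-map name, collector address 192.0.2.10, UDP port 2055 and the interface name `inside` are assumptions; `global_policy` is the ASA's default global policy-map name.

```text
! Constructed example: names, collector address and port are placeholders.
! Collector is assumed to be reachable through the "inside" interface.
flow-export destination inside 192.0.2.10 2055
!
! ACL matching all IP traffic, as suggested in the thread (permit ip any any).
access-list netflow-export-acl extended permit ip any any
!
! New class-map, separate from the built-in inspection_default class.
class-map netflow-export-class
 match access-list netflow-export-acl
!
! Add the new class to the existing global policy-map. The
! inspection_default class and its inspect actions are not edited.
policy-map global_policy
 class netflow-export-class
  flow-export event-type all destination 192.0.2.10
!
! global_policy is normally already applied with:
!   service-policy global_policy global
!
! Verify from privileged EXEC:
!   show running-config policy-map
!   show flow-export counters
```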


Super that was it

Did not see the option to Insert !!!!

Robert
