ASA Netflow to Riverbed

tahscolony · ‎08-17-2015

Have this weird issue with Netflow collection. All I am seeing is SSH traffic, no other traffic is being reported. Pretty much all that is collected is the Tacacs and monitoring servers, and not much of that either. It is set up correctly, and is exporting.

sh flow-export counters

destination: inside 192.168.47.47 2055
Statistics:
    packets sent                                           524461
Errors:
    block allocation failure                                    0
    invalid interface                                           0
    template send failure                                       0
    no route to collector                                       0
    source port allocation failure                              0

The Flow Gateway though only reports about 10k packets received. There are 3 ASA and all 3 report the same way. Port 49 and port 1645, and thats it.

access-list global_mpc line 1 extended permit ip any4 any4

class-map global-class
match access-list global_mpc

flow-export destination inside 192.168.47.47 2055
flow-export delay flow-create 10

policy-map global_policy

class global-class
flow-export event-type all destination 192.168.47.47

Don Jacob · ‎08-25-2015

Can you try reconfig through ASDM if possible:

https://supportforums.cisco.com/document/30476/configuring-netflow-asa-asdm

And set template timeout to 1 and in the global-class, set to capture "Any traffic"

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.