cisco asa netflow

Kashish_Patel · ‎12-17-2012

I am trying to configure netflow export on Cisco ASA firewalls.

I have done config and I can also see some packets exported to fluke. However I am not seeing any data on fluke. Is fluke a supported exporter for cisco ASA firewalls?

I found this doc and it says there are problems with understanding Cisco ASA exports:

https://supportforums.cisco.com/docs/DOC-6113

We are running 8.4 ASA code.

julomban · ‎12-17-2012

Hello Kashish,

From the ASA perspective you can issue a "show flow-export counters" and check the "packets sent" section.

The netflow collector must comply with the ASA limitations, otherwise you will not get the correct data from the ASA.

Could you please share tghe ASA configuration just to make sure you have the ASA configure in the proper way.

Regards,

Juan Lombana

Please rate helpful posts.

Kashish_Patel · ‎12-23-2012

fw1/hyd.shaw.net# sh flow-export counters

destination: inside 10.219.72.46 2055

Statistics:

packets sent 1650073

Errors:

block allocation failure 0

invalid interface 0

template send failure 0

no route to collector 0

What ASA limitations are you referring to? Please let me know.

Thanks.

jakewilson · ‎12-18-2012

Hi Kashish,

By any chance is your ASA running the latest version 8.4(5)? If it is, Cisco implemented reverse bytes. You can read about it here:

Cisco ASA 8.4(5) NetFlow Support

You may need to call Fluke and ask them to post a patch. This is an exciting release because it includes support for Active Timeout and a more standard way of exporting bidirectional flows.

If this helps, please vote on my post.

Sincerely,

Jake Wilson

NetFlow Knight