Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
835
Views
0
Helpful
5
Replies

netflow not passing through the firewall

jasmeet.guru
Level 1
Level 1

‎03-08-2018 12:00 PM - edited ‎02-21-2020 07:29 AM

Hi, 

 

I have configured flexible netflow on cisco 4351.  I want to sync it with Solarwinds using port 2055. its generating stats, but some how all the netflow information is not passing through Cisco ASA as it is not syncing with Solarwinds (showing never under last received netflow).

 

Below is the config:-

 

flow record FLOW_RECORD_IPv4
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes
collect counter packets
!
!
flow exporter EXPORTER_A.B.C.D
destination A.B.C.D
transport udp 2055
!
!
flow monitor FLOW_MONITOR_IPv4
exporter EXPORTER_A.B.C.D
record FLOW_RECORD_IPv4
!
interface GigabitEthernet0/0/2
ip flow monitor FLOW_MONITOR_IPv4 input
ip flow monitor FLOW_MONITOR_IPv4 output

!

Also, On ASA i have applied access-list to permit udp traffic on port 2055. 

 

Suggestions please. Thanks in advance.

Labels:
0 Helpful
5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-08-2018 12:14 PM

Is the ASA perhaps NATing the source address so when it arrives it appears to have come from a different IP address than your router?

0 Helpful

jasmeet.guru
Level 1
Level 1
In response to Philip D'Ath

‎03-09-2018 08:06 AM

Hi Philip, 

 

ASA is not NATing the source address from router, however the inside network (solarwinds address is NATed). I have applied the ACL for destination (solarwinds both Original and NATed address) to permit traffic from any source, no luck. 

What should be changed ?

0 Helpful

Florin Barhala
Level 6
Level 6
In response to jasmeet.guru

‎03-12-2018 08:06 AM

Did you run the capture? What do you see there?

Instead of guessing we can review captured packet on different ASA interfaces.

0 Helpful

Florin Barhala
Level 6
Level 6

‎03-09-2018 01:36 AM

On the same idea as Philip, can you run a capture on ASA on the EXIT interface aka 2nd interface and check traffic status.
0 Helpful

mahyatt
Cisco Employee
Cisco Employee

‎03-20-2024 09:53 AM

Not sure if you ever solved this. I have seen where the FTD drops traffic when the source IP used to originate UDP traffic does not have a route to send traffic back to the interface that it received the traffic from.  The packet capture tool with trace can help identify this.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card