Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1541
Views
0
Helpful
6
Replies

Netflow on a ASA

Go to solution
jef_rat72
Level 1
Level 1

‎08-23-2011 10:49 AM - edited ‎03-11-2019 02:15 PM

5505 ASA, 8.2(1)

We can not get it to report Netflow to the collection agent at 192.168.1.34.  Here is the commands I've entered:

asa# show run | i flow

access-list netflow-export extended permit ip any any

flow-export destination inside 192.168.1.34 2055

flow-export template timeout-rate 1

flow-export delay flow-create 60

class-map netflow-export-class

match access-list netflow-export

  flow-export event-type all destination 192.168.1.34

policy-map netflow-export-policy

class netflow-export-class

  flow-export event-type all destination 192.168.1.34

Any ideas?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee

‎08-23-2011 10:57 AM

The policy map needs to be applied globally, otherwise it wont work.

Would you please do a show run service-policy?

Doc

https://supportforums.cisco.com/docs/DOC-6113

Mike

Mike

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee

‎08-23-2011 10:57 AM

The policy map needs to be applied globally, otherwise it wont work.

Would you please do a show run service-policy?

Doc

https://supportforums.cisco.com/docs/DOC-6113

Mike

Mike
0 Helpful

Go to solution
jef_rat72
Level 1
Level 1
In response to Maykol Rojas

‎08-23-2011 11:03 AM

asa# show run service-policy

service-policy global_policy global

so it's blank. 

Here is what the config looks like now:

policy-map global_policy

class class-default

  flow-export event-type all destination 192.168.1.34

policy-map netflow-export-policy

class netflow-export-class

  flow-export event-type all destination 192.168.1.34

Should it look like this?:

policy-map global_policy

class class-default

class netflow-export-class

  flow-export event-type all destination 192.168.1.34

Never mind, I got it!  Thank you very much!

0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to jef_rat72

‎08-23-2011 11:15 AM

Hi,

Now the config looks completely different from what you posted....

Do the following...

access-list netflow-export extended permit ip any any

  flow-export destination inside 192.168.1.34 2055

     flow-export template timeout-rate 1

class-map netflow-export-class

  match access-list netflow-export

policy-map global_policy

no class class-default

  class netflow-export-class

     flow-export event-type all destination 192.168.1.34

If After this it does not work, please do the following...

capture test interface inside match udp any any eq 2055

Wait for 2 seconds and then download them on pcap format

If you are located on the inside the way to do this would be as follows

http 0 0 inside

http server enable

Open a web browser and do the following

https://

Mike

Mike
0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to Maykol Rojas

‎08-23-2011 11:15 AM

Oooook!

Nice

Mike

Mike
0 Helpful

Go to solution
jef_rat72
Level 1
Level 1
In response to Maykol Rojas

‎08-23-2011 11:18 AM

to clarify the trick was cleaning up my global_policy 

So going from:

policy-map global_policy

class class-default

  flow-export event-type all destination 192.168.1.34

policy-map netflow-export-policy

class netflow-export-class

  flow-export event-type all destination 192.168.1.34

To:

policy-map global_policy

class class-default

class netflow-export-class

  flow-export event-type all destination 192.168.1.34

Thanks again.

0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to jef_rat72

‎08-23-2011 11:21 AM

Yup,

Nice work.

Mike

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card