05-16-2011 05:37 AM - edited 03-11-2019 01:33 PM
Hi ,
I have been trying to use the netflow features V9 with Manage engine NTA. I configured the ASA for netflow via ASDM. When i go to the webconsole of the Manage Engine i get this message
No device is currently exporting NetFlow / sFlow packets to NetFlow Analyzer.
Listening for NetFlow / sFlow Packets at Port 9996
So i decided to verify my configuration using the # show flow-export counters
and i had this output
ciscoasa# sh flow-export counters
destination: inside 192.168.1.10 9996
Statistics:
packets sent 180
Errors:
block allocation failure 0
invalid interface 0
template send failure 0
no route to collector 0
By looking at the last line made me think i had no route to the collector from the ASA. What do i need to do.
I have attached the running configuration of my ASA. Help me to sort this issue.
Solved! Go to Solution.
05-16-2011 11:10 AM
Hi,
Now I can see that the firewall its doing its job, from this point now you will need to troubleshoot the server. On the attached capture you can see that the firewall is sending the flow information, in the previous capture I was not able to see it because the template didnt arrived. Now with this new capture, I can see the template and I can see that the flow is being sent to the collector.
I know that this is not an ASA problem, but you can start wireshark on the server to see if you get the template and if you see the flows, if you do, it would be an application issue.
Mike
05-16-2011 09:53 AM
Hi,
You are missing a couple of commands there, please add
flow-export destination inside 192.168.1.10
flow-export template timeout-rate 1
Try to ping the collector from the ASA. You can use the following guide for reference:
https://supportforums.cisco.com/docs/DOC-6113
If you have any questions, let me know.
Mike
05-16-2011 10:07 AM
05-16-2011 10:16 AM
Ohh, Didnt see those... can you run a packet capture?
capture test interface inside match udp any any eq 9996
Then download the capture as follows:
https://192.168.1.1/capture/test/pcap
Also, were you able to ping the server from the ASA ?
Mike
05-16-2011 10:26 AM
thanks I have attached the packet capture file. i have not enabled ping on the asa.
05-16-2011 10:38 AM
Hi,
The issue ist that there is no template for the NTA to read the netflow data, however, the packets are being sent. Would you please take this command out?
flow-export delay flow-create 60
Then, take a capture for 2 minutes and then send it to me again.
Cheers
Mike
05-16-2011 10:57 AM
Hi
I have taken the command off and have attached the captured file. thanks
05-16-2011 11:10 AM
Hi,
Now I can see that the firewall its doing its job, from this point now you will need to troubleshoot the server. On the attached capture you can see that the firewall is sending the flow information, in the previous capture I was not able to see it because the template didnt arrived. Now with this new capture, I can see the template and I can see that the flow is being sent to the collector.
I know that this is not an ASA problem, but you can start wireshark on the server to see if you get the template and if you see the flows, if you do, it would be an application issue.
Mike
05-16-2011 12:02 PM
Thank you finally managed to sort the issue out. Windows 7 firewall was the issue. disabled it and works without any issue
05-16-2011 12:04 PM
Hi,
Excellent, I thought of something like that. I am glad that everything is working. Thank you for posting.
Mike
05-16-2011 12:07 PM
thanks for helping me out. btw i have to ask when i issued the sh flow-export counters command why did i get a no route to collector output.
05-16-2011 12:17 PM
Hi
Well, if you notice, the counter is on 0, so it did not have issues with no route to collector, If the collector would have been on a non-directly connected network and the ASA wouldnt have a route to it, you would be able to see the counter incrementing.
Cheers.
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide