Netflow on ASA with Manage Engine NTA

chelsea4ever
Level 1

Hi ,

I have been trying to use the NetFlow V9 features with Manage Engine NTA. I configured the ASA for NetFlow via ASDM. When I go to the web console of the Manage Engine I get this message:

No device is currently exporting NetFlow / sFlow packets to NetFlow Analyzer.

Listening for NetFlow / sFlow Packets at Port 9996

So I decided to verify my configuration using # show flow-export counters

and I had this output:

ciscoasa# sh flow-export counters

destination: inside 192.168.1.10 9996
  Statistics:
    packets sent                                              180
  Errors:
    block allocation failure                                    0
    invalid interface                                           0
    template send failure                                       0
    no route to collector                                       0

Looking at the last line made me think I had no route to the collector from the ASA. What do I need to do?

I have attached the running configuration of my ASA. Help me to sort this issue.



11 Replies

Maykol Rojas
Cisco Employee

Hi,

You are missing a couple of commands there; please add:


flow-export destination inside 192.168.1.10

flow-export template timeout-rate 1

Try to ping the collector from the ASA. You can use the following guide for reference:

https://supportforums.cisco.com/docs/DOC-6113

If you have any questions, let me know.

Mike

Thanks for your reply. The 2 commands you mentioned are already in my config.

Please refer to my attached doc.

Ohh, didn't see those... can you run a packet capture?

capture test interface inside match udp any any eq 9996

Then download the capture as follows:

https://192.168.1.1/capture/test/pcap

Also, were you able to ping the server from the ASA ?

Mike

Thanks, I have attached the packet capture file. I have not enabled ping on the ASA.

Maykol Rojas
Cisco Employee

Hi,

The issue is that there is no template for the NTA to read the NetFlow data; however, the packets are being sent. Would you please take this command out?

flow-export delay flow-create 60

Then take a capture for 2 minutes and send it to me again.

Cheers

Mike

Hi

I have taken the command off and have attached the captured file. Thanks.

Hi,

Now I can see that the firewall is doing its job; from this point you will need to troubleshoot the server. On the attached capture you can see that the firewall is sending the flow information. In the previous capture I was not able to see it because the template didn't arrive. Now with this new capture, I can see the template and I can see that the flow is being sent to the collector.

I know that this is not an ASA problem, but you can start Wireshark on the server to see if you get the template and if you see the flows. If you do, it would be an application issue.


Mike
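To make the template point from this reply concrete, here is an added example (mine, not code from the thread, Cisco or ManageEngine) of a minimal NetFlow v9 decoder in Python: it builds constructed packets and shows that a data FlowSet arriving before its template cannot be decoded, which is the state the earlier capture was in, and that the same data decodes once the template FlowSet has been received. The IP addresses and header values are constructed, and the template uses only two fields.

```python
import socket
import struct

# NetFlow v9 field type IDs used below (from the RFC 3954 field type table)
IPV4_SRC_ADDR, IPV4_DST_ADDR = 8, 12
ADDR_FIELDS = {IPV4_SRC_ADDR: "src", IPV4_DST_ADDR: "dst"}
def v9_packet(flowsets, record_count, source_id=1, seq=1):
    # 20-byte header: version, record count, sysuptime, unix secs, sequence, source id (constructed values)
    return struct.pack("!HHIIII", 9, record_count, 1000, 1700000000, seq, source_id) + b"".join(flowsets)
def template_flowset(template_id, fields):
    # FlowSet ID 0 carries templates: template id, field count, then (type, length) pairs
    rec = struct.pack("!HH", template_id, len(fields)) + b"".join(struct.pack("!HH", t, n) for t, n in fields)
    return struct.pack("!HH", 0, 4 + len(rec)) + rec
def data_flowset(template_id, records):
    # a data FlowSet is identified by the id (>= 256) of the template describing its records
    body = b"".join(records)
    return struct.pack("!HH", template_id, 4 + len(body)) + body

class Collector:
    # remembers templates per (source id, template id) and decodes data FlowSets against them
    def __init__(self):
        self.templates, self.decoded, self.undecodable = {}, [], 0
    def feed(self, pkt):
        version, _cnt, _up, _secs, _seq, source_id = struct.unpack("!HHIIII", pkt[:20])
        if version != 9:
            raise ValueError("not a NetFlow v9 packet")
        off = 20
        while off + 4 <= len(pkt):
            fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
            if fs_len < 4: break                        # malformed length would loop forever
            payload = pkt[off + 4:off + fs_len]
            if fs_id == 0:                              # template FlowSet: learn the record layout
                p = 0
                while p + 4 <= len(payload):
                    tid, nfields = struct.unpack("!HH", payload[p:p + 4])
                    self.templates[(source_id, tid)] = [struct.unpack("!HH", payload[p + 4 + 4*i:p + 8 + 4*i]) for i in range(nfields)]
                    p += 4 + 4 * nfields
            elif fs_id >= 256 and (source_id, fs_id) not in self.templates:
                self.undecodable += 1                   # data with no template yet: the analyzer can show nothing
            elif fs_id >= 256:
                fields = self.templates[(source_id, fs_id)]
                rec_len = sum(n for _, n in fields)
                for p in range(0, len(payload) - rec_len + 1, rec_len):
                    rec, q = {}, p
                    for ftype, n in fields:             # fixed-length fields, in template order
                        raw = payload[q:q + n]
                        rec[ADDR_FIELDS.get(ftype, ftype)] = socket.inet_ntoa(raw) if ftype in ADDR_FIELDS else int.from_bytes(raw, "big")
                        q += n
                    self.decoded.append(rec)
            off += fs_len
```

Feeding a data-only packet leaves `decoded` empty and bumps `undecodable`; feeding a packet that carries the template first decodes the same record, which is why shortening the template timeout or removing the flow-create delay made the collector start showing data.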

Thank you, finally managed to sort the issue out. The Windows 7 firewall was the issue; disabled it and it works without any issue.

Hi,

Excellent, I thought of something like that. I am glad that everything is working. Thank you for posting.

Mike

Thanks for helping me out. BTW I have to ask: when I issued the sh flow-export counters command, why did I get a no route to collector output?

Hi

Well, if you notice, the counter is on 0, so it did not have issues with no route to collector. If the collector had been on a non-directly connected network and the ASA didn't have a route to it, you would see the counter incrementing.

Cheers.

Mike