Re: Netflow on ASA5520

Naresh Pochamaneni · ‎04-29-2013

ASA5520 version 8.4(2) 15

I can not get it to report Netflow to the collection agent at 10.10.28.154 Below are commands configured on ASA.

access-list NETFLOW extended permit ip any any

flow-export destination INSIDE 10.10.28.154 2055

snmp-server host INSIDE 10.10.28.154 community ***** version 2c

class-map GLOBAL-NETFLOW

match access-list NETFLOW

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

class GLOBAL-NETFLOW

policy-map global-policy

class GLOBAL-NETFLOW

flow-export event-type all destination 10.10.28.154

Please help me on this...

jakewilson · ‎04-30-2013

Hello, Do you have access to the ASDM interface? There is a video on youtube that expains how to enable NetFlow using ASDM. Also, have you enabled a packet analyzer at the collector to verify that flow datagrams are reaching it?

Jake

Naresh Pochamaneni · ‎04-30-2013

Hi Jake,

I dont have access to ASDM Interface i am trying it in CLI and i didnt enabled packet analyzer at the collector..

Thanks

Naresh

Julio Carvajal · ‎04-30-2013

Hello Naresh,

Can you add

flow-export template timeout-rate 1

flow-export delay flow-create 60

Then let me know

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Naresh Pochamaneni · ‎05-01-2013

I tried those commands but not luck..

Naresh

Julio Carvajal · ‎05-02-2013

Hello Naresh,

Really,

Can you share the entire configuration please and the following outputs:

show flow-export counters

show service-policy global flow ip host [source IP] host [dest IP]

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC