Logging in high-performance environments is non-trivial. NetFlow on the ASA provides an efficient way to track connection creation, teardown and denies, by sending binary data in UDP packets rather than ASCII-based syslog messages. The implementation used on the ASA platforms is NetFlow v9, which is defined in RFC 3954.
The feature was introduced in ASA 8.2.1/ASDM 6.2.1. For information on the feature itself, its functionality and limitations, you can read here. The document below shows how to use ASDM to configure the ASA to send NetFlow information to the NetFlow collector.
Configure the Collector
In ASDM under Configuration go in Device Management > Logging > Netflow.
There you can set the NetFlow collector IP address, the ASA interface it is reached through and the UDP port it listens on.
You can also set the template packet send frequency and disable the syslog messages that become redundant once the same events are exported via NetFlow.
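The template send frequency matters because a v9 collector cannot decode a data FlowSet until it has received the template that describes it (RFC 3954). The following decoder, added here as an illustration and not part of the original document or of any Cisco product, parses constructed sample packets: the first carries a data record before its template and cannot be decoded, the second carries the template and the same record and can. The field numbers (8, 12, 11) and the sample addresses are constructed for the example.

```python
import struct
from ipaddress import IPv4Address
FIELD_NAMES = {8: "src_addr", 12: "dst_addr", 7: "src_port", 11: "dst_port", 4: "protocol"}  # RFC 3954 sec. 8

def parse_packet(data, templates):
    """Parse one v9 export packet; `templates` is the collector's cache (template id -> [(type, len)])."""
    version, count = struct.unpack("!HH", data[:4])  # header continues: sysUptime, unixSecs, seq, sourceID
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version {version})")
    records, unknown, off = [], [], 20
    while off + 4 <= len(data):
        fs_id, fs_len = struct.unpack("!HH", data[off:off + 4])
        if fs_len < 4:
            break  # malformed FlowSet length: stop instead of looping forever
        body = data[off + 4:off + fs_len]
        if fs_id == 0:  # template FlowSet: (template id, field count, (type, len)...) repeated
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                templates[tid] = [struct.unpack("!HH", body[pos + 4 + 4 * i:pos + 8 + 4 * i]) for i in range(nfields)]
                pos += 4 + 4 * nfields
        elif fs_id >= 256:  # data FlowSet: decodable only once its template has arrived
            fields = templates.get(fs_id)
            if fields is None:
                unknown.append(fs_id)
            else:
                rec_len, pos = sum(n for _, n in fields), 0
                while rec_len and pos + rec_len <= len(body):  # trailing bytes shorter than a record are padding
                    rec = {}
                    for ftype, flen in fields:
                        raw = body[pos:pos + flen]
                        rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = (
                            str(IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big"))
                        pos += flen
                    records.append(rec)
        off += fs_len
    return records, unknown

def build_sample():
    """Constructed packets (not a capture from a real ASA): one three-field template and one record."""
    hdr = lambda count, seq: struct.pack("!HHIIII", 9, count, 60000, 1700000000, seq, 0)
    template = struct.pack("!HHHH", 0, 20, 256, 3) + struct.pack("!HHHHHH", 8, 4, 12, 4, 11, 2)
    record = IPv4Address("192.168.1.50").packed + IPv4Address("10.0.0.5").packed + struct.pack("!H", 443)
    data = struct.pack("!HH", 256, 16) + record + b"\x00\x00"  # padded to a 4-byte boundary
    return hdr(1, 1) + data, hdr(2, 2) + template + data

def demo():
    templates = {}
    first, second = build_sample()
    return parse_packet(first, templates), parse_packet(second, templates)
```

A collector that starts (or restarts) between template refreshes sees exactly the first case, which is why a shorter template interval shortens the window of undecodable records.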
Configure the Netflow information extraction
To enable the ASA to start sending information to the collector defined above you need to go to Firewall > Service Policy Rules.
You create a new service policy that needs to be applied GLOBALLY.
Define the traffic for which you need to collect NetFlow statistics.
Then select the collector (the one defined above) that the statistics for this traffic will be sent to.
Finally, you have a NetFlow service policy on your ASA.
After deploying these changes to the ASA, your configuration for the feature should look like this.
access-list global_mpc extended permit ip any any
flow-export destination inside 192.168.1.13 2055
match access-list global_mpc
inspect dns migrated_dns_map_1
inspect h323 h225
inspect h323 ras
flow-export event-type all destination 192.168.1.13