Test Netflow connectivity from Cisco Router or ASA

Mokhalil82
Level 4

Hi

I have netflow configured on my router to send data to my internal server at 192.168.0.50 on UDP port 2055

I do have an ASA in between and so I allowed ICMP from the outside on the ASA and I am able to ping the server using the source IP of 1.1.1.1.

How can I test connectivity to ping from source 1.1.1.1 port 2055 to dest 192.168.0.50 port 2055? The ASA has the rules to allow the traffic.

The config I have on the router is:

ip flow-export source Loopback1
ip flow-export version 9
ip flow-export destination 192.168.0.50 2055

 

My router ports have ip flow ingress and egress configured.

The issue started upon upgrading the router but using the same config.

I've noticed the rule on the ASA to allow traffic from 1.1.1.1 to 192.168.0.50 is not getting any hits.

 

Thanks

 

3 Replies

joe19366
Level 1

your best bet would be to capture traffic on the outside and inside of the ASA:

 

access-list 118 permit udp any any eq 2055
capture outside access-list 118 interface outside buffer 500000
capture inside access-list 118 interface inside buffer 500000

now

show capture outside
show capture inside

 

do you have netflow packets outside?

YES/NO?

do you have netflow packets inside?

you may not have netflow working if none outside

you probably don't have the access-list on ASA working properly if none inside ;)

are you sure the server is listening?

check.
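
A server-side way to run the "is the server listening?" check above, as an added example that is not part of the thread or of any Cisco tool: a small Python listener that binds UDP 2055, parses the NetFlow v9 packet header and FlowSet headers of each datagram (layout per RFC 3954), and prints the sender so it can be compared with the exporter address 1.1.1.1. The function names, the `SAMPLE` packet and the default bind address are assumptions made for this example; the real collector has to be stopped first, since normally only one process can bind the port.

```python
import socket
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id


def parse_v9(datagram):
    """Summarise a NetFlow v9 export packet; raise ValueError if it is malformed."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, count, uptime, secs, seq, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError("version %d, expected 9" % version)
    flowsets = []
    offset = V9_HEADER.size
    while offset + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, offset)
        if fs_len < 4 or offset + fs_len > len(datagram):
            raise ValueError("bad FlowSet length %d at offset %d" % (fs_len, offset))
        # FlowSet ID 0 = template, 1 = options template, above 255 = data records
        kind = {0: "template", 1: "options-template"}.get(fs_id, "data" if fs_id > 255 else "reserved")
        flowsets.append((fs_id, kind, fs_len))
        offset += fs_len
    return {"count": count, "sequence": seq, "source_id": source_id, "flowsets": flowsets}


def listen(bind_ip="0.0.0.0", port=2055, expected_src="1.1.1.1"):
    """Print one line per datagram arriving on the collector port (runs until interrupted)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (src, sport) = sock.recvfrom(65535)
        try:
            info = parse_v9(data)
        except ValueError as exc:
            print("%s:%d not NetFlow v9: %s" % (src, sport, exc))
            continue
        note = "" if src == expected_src else " (unexpected source)"
        print("%s:%d v9 seq=%d flowsets=%s%s" % (src, sport, info["sequence"], info["flowsets"], note))


# Constructed sample: v9 header plus one template FlowSet (template 256, one field: IPV4_SRC_ADDR, 4 bytes)
SAMPLE = V9_HEADER.pack(9, 1, 1000, 1700000000, 42, 0) + struct.pack("!HHHHHH", 0, 12, 256, 1, 8, 4)

if __name__ == "__main__":
    print(parse_v9(SAMPLE))
    listen()
```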

Hi

 

Thanks for the info. I am not receiving any packets on the outside interface, so it looks like the config is not working, but I have used the exact same config from the old router I replaced, so I have been through it a few times to make sure it takes the config OK.

I have checked the server and it is listening to the loopback interface.

Hi Mokhalil82,

Have you resolved this issue?