cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12142
Views
19
Helpful
14
Replies

can't change or remove netflow setting from an ASA 5520

Brent Rockburn
Level 2
Level 2

I've tried in the ADSM and I've tried the CLI and I can't remove or change these entries.

Any know what I'm doing wrong here?

fw-x-5520-1(config)# flow-export destination iSP2/Swift 10.xx.x.xx 2055
ERROR: flow-export: destination already exists
fw-x5520-1(config)# no flow
fw-x5520-1(config)# no flow-export en
fw-x-5520-1(config)# no flow-export enable
ERROR: This command is no longer supported. Flow-export actions under MPF need to be removed to stop exporting NetFlow events.
fw-x5520-1(config)#

14 Replies 14

try the no flow-export destination iSP2/Swift 10.xx.x.xx 2055

and then try to remove the no flow-export enable

Doesn't matter what order I do it in I get the same results.

how about this command:

no export destination ip-address port
no ip flow-export destination ip-address udp-port

sorry for the ASA try clear configure flow-export

fw-517-5520-1(config)# clear configure flow-export

ERROR: Some destinations may be in use. Remove references before attempting to delete

fw-517--5520-1(config)#

Still no worky!!

give the details of sh run | i flow-export

The error is showing destination in use because it value is yet to time out

try again the same command.

This appears when I do a sh run but not when I look through the config itself.

fw-517-5520-1# sh run | in flow
flow-export destination ISP2/Swift 10.66.x.x 2055
  flow-export event-type all destination 10.66.x.x
fw-517-5520-1#

Has this issue been resolved.  I'm having the same issue.  Thanks.

Doug

Remove the netflow configuration from the policy-map first (or just remove the class that has the netflow association from the policy-map), then you would be able to remove the netflow configuration.

Hope that helps.

Thanks for the reply.  Here is the config for policy-map. I tried to remove the policy map but got the error below.  What is the correct commands to remove flow-export?  Thanks.

policy-map global_policy
class class-default
  flow-export event-type all destination 10.59.1.53

AlzASA(config)# no policy-map global_policy
ERROR: policy-map global_policy is being used and hence cannot be removed.

Here is the steps:

no service-policy global_policy global

policy-map global_policy

     no class class-default

service-policy global_policy global

It worked!!!  Thank you for your help.

Doug

raymundozuniga
Level 1
Level 1

Had same issue.

(config)# sh run flow-export
flow-export destination inside 192.168.xxx.xxx 512
flow-export template timeout-rate 1
flow-export delay flow-create 15

(config)# clear configure flow-export
ERROR: Some destinations may be in use. Remove references before attempting to delete

(config)# no class-map flow_export_class
ERROR: % class-map flow_export_class is being used

SOLUTION

I had to look at policy-map first

(config)## sh run policy-map

class flow_export_class
class flow_export_class
flow-export event-type all destination 192.168.xxx.xxx

So I did 

(config)## policy-map global_policy

(config-pmap)# no class flow_export_class

(config-pmap)# exit

(config)## sh run class-map
class-map flow_export_class
match access-list flow_export_acl

(config)#no class-map flow_export_class

(config)# clear configure flow-export

(config)# sh run flow-export

(config)# ---empty--- YESSS!!!!

I was clear of the netflow config and I cold move on !!!

smbusta
Level 1
Level 1

have you tried this > no class export-netflow-class or clear config class export-netflow-class

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: