Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2002
Views
0
Helpful
3
Replies

Active timeout for ASA Netflow?

adamwedwick
Level 1
Level 1

‎07-06-2010 11:34 AM - edited ‎03-11-2019 11:08 AM

I'm trying to figure out if active timeout is supported on ASA 8.3 Netflow export? The example below is from a Cisco IOS 4K switch.

1.  Following Netflow V9 fields must be exported: IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES, IN_PKTS, L4_SRC_PORT, L4_DST_PORT, LAST_SWITCHED, FIRST_SWITCHED, PROTOCOL and TCP_FLAGS. (See RFC 3954, Reference 1).

2.  The inactive timeout be set to 15 seconds and the active timeout be set to 1 minute.

Switch(config)# ip flow-aggregation cache

Switch(config-flow-cache)# cache timeout inactive 15

Switch(config-flow-cache)# cache timeout active 1

What I need from ASA are commands:

1.    to configure ASA to send all the information in step 1 above.

2.    to set active timeout to 1 minute.

Does anyone know if this is possible?

Thanks,

AW

Labels:
0 Helpful
3 Replies 3

Kevin Redmon
Cisco Employee
Cisco Employee

‎07-06-2010 09:01 PM

Adam,

The current available functionality on the ASA regarding NetFlow is still in its infancy.  There are future plans to expand this functionality to be more in line with the function of IOS NetFlow output.  In summary, the ASA does NOT provide continuous monitoring of any particular flow (again, as of yet) but will only register NetFlow events during a change in the connection status - ie connection denied, connection setup and connection teardowns.  For specifics of the NetFlow events that are logged, please consider the link below:

http://www.cisco.com/en/US/docs/security/asa/asa81/netflow/netflow.html

If you feel that this is a feature that you would like to see implemented in the near future, please feel free to communicate this to your Cisco Account team.  They will assist in the prioritization of features and when they will be implemented.

If this answers your questions, please be sure to mark this as answered for others' benefit.

Best Regards,

Kevin

0 Helpful

jakewilson
Level 1
Level 1

‎07-07-2010 04:27 AM

We have been getting a few calls with questions on the uniqueness of the NetFlows exported by the Cisco ASA. Check out this PDF:
http://www.plixer.com/files/netflow-on-the-asa-11-18-09.pdf

Jake Wilson

Scrutinizer NetFlow Analyzer

0 Helpful

Kevin Redmon
Cisco Employee
Cisco Employee
In response to jakewilson

‎07-07-2010 05:11 AM

Jake,

That is very interesting to see how the differences in the ASA NetFlow appear in the different tools.

Thanks for the insight!

Best Regards,

Kevin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card