Solved: ASA 5510(8.46)-NetFlow

Anukalp S · ‎07-05-2013

I have recently upgraded our ASA to version 8.4(6) but after upgradation i have noticed that Netflow stats are not showing in our tool. I have rediscovered device in tool but still problem persist. I dont know whether issue is with config. ASA config was converted after reload from previous 8.2 version.

Below is config after upgradation OS.

============================================

access-list flow_export_acl extended permit ip host 10.110.151.11 host 10.110.151.51

flow-export destination inside 10.110.151.11 9996

flow-export template timeout-rate 1

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect skinny

inspect icmp

class class-default

flow-export event-type all destination 10.110.151.11

jakewilson · ‎07-06-2013

Hello Anukalp,

Cisco jumped around a bit in the different firmware releases on how the NSEL is exported. It is best explained in this post on Cisco ASA NetFlow : Bidirectional Support Added. I hope this helps, please vote on my reply if it does.

Jake

View solution in original post

smetieh001 · ‎07-05-2013

Hi Anukalp,

I do not see any match statement in your class map. You should match the access-list "flow_export_acl you created.

Can you post the config proir to upgrade?

Anukalp S · ‎07-05-2013

Hi..

Before upgradation config was below..

=========================================

snmp-server host inside 10.110.151.11 community *****

flow-export destination inside 10.110.151.11 9996

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect skinny

inspect icmp

class class-default

flow-export event-type all destination 10.110.151.11

jakewilson · ‎07-06-2013

Hello Anukalp,

Cisco jumped around a bit in the different firmware releases on how the NSEL is exported. It is best explained in this post on Cisco ASA NetFlow : Bidirectional Support Added. I hope this helps, please vote on my reply if it does.

Jake

Anukalp S · ‎07-07-2013

Can you tell me pls how could how could i enable bidirectional support.

Also if netflow in ASA ver 8.4(6) is unidirectional then would it not work.

Julio Carvajal · ‎07-07-2013

Hello Anukalp.

Exactly, on that version you could only use unidirectional,

How to enable it? I am not 100% sure but I think is the only method it supports so it will be on by default,

There is no command for it on the command reference so it's just the mode you have on this version

Regards

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Anukalp S · ‎07-08-2013

Hi jcarvaja,

I have nothing to do with unidirectional or bidirectional. My issue is that NetFlow collector is showing traffic of ASA. It was working fine on version 8.2(5). After upgradation it to 8.4(6) my netflow collector stops displaying data. I have mentioned config above of netflow in ASA of both version 8.2(5) & 8.4(6).

I just need to know if there is any changes in 8.4(6) which need to configure so that my netflow collector start displaying traffic.

Julio Carvajal · ‎07-08-2013

Hello Anukalp.

This is what you asked:

Can you tell me pls how could how could i enable bidirectional support.

Also if netflow in ASA ver 8.4(6) is unidirectional then would it not work.

That is all related to bidirectional, unidirectional flow

Can you share the following:

show run class class-default

show service-policy

clear flow-export counters

show flow-export counters

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

jakewilson · ‎07-11-2013

Consider downloading the Cisco ASA Guide to NetFlow Security Event Logging and Cyber Threat Detection. It should help.