Logging in high-performance environments is non-trivial. NetFlow on the ASA provides an efficient way to track connection creation, teardown and denies: it sends binary data in UDP packets instead of ASCII-based syslog messages. The implementation used on the ASA platforms is NetFlow v9, which is defined in RFC 3954.
The feature was introduced in ASA 8.2.1/ASDM 6.2.1. For information on the feature itself, its functionality and its limitations, you can read here. The document below shows how to use ASDM to configure the ASA to send NetFlow information to the NetFlow collector.
Configure the Collector
In ASDM, under Configuration, go to Device Management > Logging > NetFlow.
There you can set the NetFlow collector IP address, the ASA interface it is behind and the UDP port it listens on.
You can also set the template packet send frequency and disable the syslog messages that become redundant once the same information is exported through NetFlow.
Configure the NetFlow information extraction
To enable the ASA to start sending information to the collector defined above, go to Firewall > Service Policy Rules.
Create a new service policy; it must be applied GLOBALLY.
Define the traffic for which you want to collect NetFlow statistics.
Then select the collector (the one defined above) to which the statistics for this traffic will be sent.
Finally, you have a NetFlow service policy on your ASA.
After deploying these changes to the ASA, your configuration for the feature should look like this:
access-list global_mpc extended permit ip any any
flow-export destination inside 192.168.1.13 2055
match access-list global_mpc
inspect dns migrated_dns_map_1
inspect h323 h225
inspect h323 ras
flow-export event-type all destination 192.168.1.13
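To make the binary format concrete, here is an added example (not part of the original article or of any Cisco software) of a minimal NetFlow v9 decoder for what the collector on UDP 2055 receives: the RFC 3954 header, a template FlowSet and a data FlowSet. The sample datagram is constructed, not captured; field 233 is assumed to be the firewall event code that ASA adds to its records (1 = created, 2 = deleted, 3 = denied), and the template cache shows why a data FlowSet that arrives before its template cannot be decoded, which is what the template send frequency setting in ASDM is for.

```python
import struct

# NetFlow v9 field types used in the constructed sample: the IPv4 5-tuple from RFC 3954
# plus field 233 (firewallEvent), assumed here to carry ASA's created/deleted/denied code.
FIELD_NAMES = {8: "src_addr", 12: "dst_addr", 7: "src_port", 11: "dst_port",
               4: "protocol", 233: "fw_event"}

def _decode(ftype, raw):
    return ".".join(str(b) for b in raw) if ftype in (8, 12) else int.from_bytes(raw, "big")

def parse_v9(datagram, templates):
    """Parse one NetFlow v9 export packet: 20-byte header, then FlowSets. `templates` caches
    (source_id, template_id) -> field list across packets, because a data FlowSet is not
    decodable until its template has been seen. Returns (records, undecodable_flowset_ids)."""
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", datagram[:20])
    if version != 9:
        raise ValueError("not NetFlow v9: version %d" % version)
    records, pending, pos = [], [], 20
    while pos + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack("!HH", datagram[pos:pos + 4])
        if fs_len < 4:               # malformed length: stop rather than loop forever
            break
        body = datagram[pos + 4:pos + fs_len]
        pos += fs_len
        if fs_id == 0:               # template FlowSet: template_id, field_count, (type, len)*
            off = 0
            while off + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[off:off + 4]); off += 4
                fields = [struct.unpack("!HH", body[off + 4*i:off + 4*i + 4]) for i in range(nfields)]
                templates[(source_id, tid)] = fields; off += 4 * nfields
        elif fs_id >= 256:           # data FlowSet: fixed-size records laid out per template
            fields = templates.get((source_id, fs_id))
            if fields is None:
                pending.append(fs_id); continue
            rec_len, off = sum(l for _, l in fields), 0
            while off + rec_len <= len(body):
                rec, o = {}, off
                for ftype, flen in fields:
                    rec[FIELD_NAMES.get(ftype, "field_%d" % ftype)] = _decode(ftype, body[o:o + flen])
                    o += flen
                records.append(rec); off += rec_len
    return records, pending

def build_sample():
    """Constructed datagram: template 256 plus one 'flow denied' record (values invented)."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (233, 1)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", t, l) for t, l in fields)
    rec = bytes([10, 1, 1, 5, 10, 2, 2, 9]) + struct.pack("!HHBB", 44123, 443, 6, 3)
    header = struct.pack("!HHIIII", 9, 2, 123456, 1700000000, 1, 0)  # v9, 2 records, uptime, time, seq, source id
    return header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
```

Feeding `build_sample()` to `parse_v9` with an empty cache yields one decoded denied-flow record; stripping the template FlowSet from the same datagram and parsing with an empty cache yields no records and reports template 256 as missing.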