Cisco Support Community

New Member

Active timeout for ASA Netflow?

I'm trying to figure out if active timeout is supported on ASA 8.3 Netflow export? The example below is from a Cisco IOS 4K switch.

1.  The following Netflow V9 fields must be exported: IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES, IN_PKTS, L4_SRC_PORT, L4_DST_PORT, LAST_SWITCHED, FIRST_SWITCHED, PROTOCOL and TCP_FLAGS. (See RFC 3954, Reference 1).

2.  The inactive timeout must be set to 15 seconds and the active timeout must be set to 1 minute.

Switch(config)# ip flow-aggregation cache

Switch(config-flow-cache)# cache timeout inactive 15

Switch(config-flow-cache)# cache timeout active 1

What I need from ASA are commands:

1.    to configure ASA to send all the information in step 1 above.

2.    to set active timeout to 1 minute.

Does anyone know if this is possible?

Thanks,

AW

3 REPLIES
Cisco Employee

Re: Active timeout for ASA Netflow?

Adam,

The currently available functionality on the ASA regarding NetFlow is still in its infancy. There are future plans to expand this functionality to be more in line with the function of IOS NetFlow output. In summary, the ASA does NOT provide continuous monitoring of any particular flow (again, as of yet) but will only register NetFlow events during a change in the connection status, i.e. connection denied, connection setup and connection teardowns. For specifics of the NetFlow events that are logged, please consider the link below:

http://www.cisco.com/en/US/docs/security/asa/asa81/netflow/netflow.html

If you feel that this is a feature that you would like to see implemented in the near future, please feel free to communicate this to your Cisco Account team.  They will assist in the prioritization of features and when they will be implemented.

If this answers your questions, please be sure to mark this as answered for others' benefit.

Best Regards,

Kevin
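
What an event-only export means on the collector side, as an added example that is not part of the original thread and is not Cisco code: with no active timeout, a connection is visible only at setup and teardown, so the collector has to pair those events itself and track connections that are still open. The record layout, key names, the byte total on teardown and the sample data are assumptions constructed for this sketch.

```python
# Added example: correlate event-only flow records (setup / teardown / denied).
# Key names and record layout are this sketch's own, not ASA field identifiers.
from dataclasses import dataclass
from typing import Optional

# Constructed sample of already-decoded export records (times in seconds).
SAMPLE = [
    {"conn_id": 101, "event": "setup", "time": 0, "src": "10.0.0.5", "dst": "192.0.2.10"},
    {"conn_id": 102, "event": "setup", "time": 5, "src": "10.0.0.7", "dst": "192.0.2.20"},
    {"conn_id": None, "event": "denied", "time": 9, "src": "10.0.0.9", "dst": "192.0.2.30"},
    {"conn_id": 101, "event": "teardown", "time": 40, "bytes": 18200},
    {"conn_id": 103, "event": "teardown", "time": 50, "bytes": 900},  # setup never seen
]

@dataclass
class Flow:
    conn_id: int
    start: Optional[float] = None
    end: Optional[float] = None
    bytes: Optional[int] = None  # assumed to be known only once the teardown arrives

def correlate(records):
    """Return (flows keyed by conn_id, list of denied records)."""
    flows, denied = {}, []
    for r in sorted(records, key=lambda rec: rec["time"]):
        if r["event"] == "denied":
            denied.append(r)  # a denied attempt never becomes a connection
            continue
        flow = flows.setdefault(r["conn_id"], Flow(r["conn_id"]))
        if r["event"] == "setup":
            flow.start = r["time"]
        elif r["event"] == "teardown":
            flow.end, flow.bytes = r["time"], r.get("bytes")
    return flows, denied

def open_longer_than(flows, now, max_age):
    """Connections with a setup but no teardown: no volume data until they close."""
    return sorted(f.conn_id for f in flows.values()
                  if f.start is not None and f.end is None and now - f.start > max_age)

def orphans(flows):
    """Teardowns whose setup was never received (export loss, collector restart)."""
    return sorted(f.conn_id for f in flows.values() if f.start is None)

if __name__ == "__main__":
    flows, denied = correlate(SAMPLE)
    print(open_longer_than(flows, now=120, max_age=60), orphans(flows), len(denied))
```

A long-lived connection such as 102 stays invisible in byte-based reports until it closes, which is the gap an IOS-style active timeout would otherwise cover.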

New Member

Re: Active timeout for ASA Netflow?

We have been getting a few calls with questions on the uniqueness of the NetFlows exported by the Cisco ASA. Check out this PDF:
http://www.plixer.com/files/netflow-on-the-asa-11-18-09.pdf

Jake Wilson

Scrutinizer NetFlow Analyzer

Cisco Employee

Re: Active timeout for ASA Netflow?

Jake,

That is very interesting to see how the differences in the ASA NetFlow appear in the different tools.

Thanks for the insight!

Best Regards,

Kevin
