New Member

can't change or remove netflow setting from an ASA 5520

I've tried in the ASDM and I've tried the CLI and I can't remove or change these entries.

Anyone know what I'm doing wrong here?

fw-x-5520-1(config)# flow-export destination iSP2/Swift 10.xx.x.xx 2055
ERROR: flow-export: destination already exists
fw-x5520-1(config)# no flow
fw-x5520-1(config)# no flow-export en
fw-x-5520-1(config)# no flow-export enable
ERROR: This command is no longer supported. Flow-export actions under MPF need to be removed to stop exporting NetFlow events.
fw-x5520-1(config)#

14 REPLIES

Re: can't change or remove netflow setting from an ASA 5520

try the no flow-export destination iSP2/Swift 10.xx.x.xx 2055

and then try to remove the no flow-export enable

New Member

Re: can't change or remove netflow setting from an ASA 5520

Doesn't matter what order I do it in I get the same results.

Re: can't change or remove netflow setting from an ASA 5520

how about this command:

no export destination ip-address port
no ip flow-export destination ip-address udp-port

Re: can't change or remove netflow setting from an ASA 5520

sorry for the ASA try clear configure flow-export

New Member

Re: can't change or remove netflow setting from an ASA 5520

fw-517-5520-1(config)# clear configure flow-export

ERROR: Some destinations may be in use. Remove references before attempting to delete

fw-517--5520-1(config)#

Still no worky!!

Re: can't change or remove netflow setting from an ASA 5520

give the details of sh run | i flow-export

The error is showing destination in use because its value is yet to time out

try again the same command.

New Member

Re: can't change or remove netflow setting from an ASA 5520

This appears when I do a sh run but not when I look through the config itself.

fw-517-5520-1# sh run | in flow
flow-export destination ISP2/Swift 10.66.x.x 2055
  flow-export event-type all destination 10.66.x.x
fw-517-5520-1#

New Member

Re: can't change or remove netflow setting from an ASA 5520

Has this issue been resolved?  I'm having the same issue.  Thanks.

Doug

Super Bronze

Re: can't change or remove netflow setting from an ASA 5520

Remove the netflow configuration from the policy-map first (or just remove the class that has the netflow association from the policy-map), then you would be able to remove the netflow configuration.

Hope that helps.

New Member

Re: can't change or remove netflow setting from an ASA 5520

Thanks for the reply.  Here is the config for policy-map. I tried to remove the policy map but got the error below.  What are the correct commands to remove flow-export?  Thanks.

policy-map global_policy
class class-default
  flow-export event-type all destination 10.59.1.53

AlzASA(config)# no policy-map global_policy
ERROR: policy-map global_policy is being used and hence cannot be removed.

Super Bronze

Re: can't change or remove netflow setting from an ASA 5520

Here are the steps:

no service-policy global_policy global

policy-map global_policy

     no class class-default

service-policy global_policy global

New Member

Re: can't change or remove netflow setting from an ASA 5520

It worked!!!  Thank you for your help.

Doug

New Member

Had same issue.

(config)# sh run flow-export
flow-export destination inside 192.168.xxx.xxx 512
flow-export template timeout-rate 1
flow-export delay flow-create 15

(config)# clear configure flow-export
ERROR: Some destinations may be in use. Remove references before attempting to delete

(config)# no class-map flow_export_class
ERROR: % class-map flow_export_class is being used

SOLUTION

I had to look at policy-map first

(config)## sh run policy-map

class flow_export_class
class flow_export_class
flow-export event-type all destination 192.168.xxx.xxx

So I did 

(config)## policy-map global_policy

(config-pmap)# no class flow_export_class

(config-pmap)# exit

(config)## sh run class-map
class-map flow_export_class
match access-list flow_export_acl

(config)#no class-map flow_export_class

(config)# clear configure flow-export

(config)# sh run flow-export

(config)# ---empty--- YESSS!!!!

I was clear of the netflow config and I could move on !!!

mo
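
The ordering the replies above arrive at (remove the Modular Policy Framework references first, then clear the global flow-export configuration) can be checked against a saved running-config before touching the firewall. The script below is an added example, not part of the original thread or Cisco's tooling; the sample config is constructed, and it assumes the usual `show running-config` indentation (one space for `class`, two for class actions). It emits `no flow-export event-type ...` under the class rather than `no class ...`, so other actions in that class stay in place.

```python
import re

# Constructed sample, modelled on the `sh run` excerpts quoted in the thread.
SAMPLE_CONFIG = """\
class-map flow_export_class
 match access-list flow_export_acl
policy-map global_policy
 class inspection_default
  inspect dns
 class flow_export_class
  flow-export event-type all destination 192.168.10.5
service-policy global_policy global
flow-export destination inside 192.168.10.5 2055
flow-export template timeout-rate 1
"""

def find_references(config):
    """Return [(policy_map, class_name, flow_export_line)] for each MPF reference."""
    refs, pmap, cls = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A top-level line ends any policy-map block we were inside.
            pmap, cls = None, None
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                pmap = m.group(1)
        elif pmap and line.startswith("class "):
            cls = line.split()[1]
        elif pmap and cls and line.startswith("flow-export event-type "):
            refs.append((pmap, cls, line))
    return refs

def removal_plan(config):
    """Commands in dependency order: MPF references first, global config last."""
    plan = []
    for pmap, cls, line in find_references(config):
        plan += [f"policy-map {pmap}", f"class {cls}", f"no {line}"]
    # Only clear the global section if there is one; this is the command that
    # fails with "Some destinations may be in use" while references remain.
    if any(l.startswith("flow-export ") for l in config.splitlines()):
        plan.append("clear configure flow-export")
    return plan

if __name__ == "__main__":
    print("\n".join(removal_plan(SAMPLE_CONFIG)))
```

An empty result from `find_references` combined with a failing `clear configure flow-export` means the reference is in a part of the config the saved text did not include.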
New Member

I am looking for a CCNP R+S certified Technical Service Engineer to come onboard at one of my client sites in Reading.

You will be responsible for leading the technical relationship of one or more clients on a tactical day to day basis, liaising closely and supporting, where appropriate, strategic initiatives led by the client account team.

The following core technical skills are pre-requisites for the role: -

  • Experience diagnosing complex issues through packet capture analysis (Wireshark, tcpdump, snoop, Sniffer Pro)
  • Hands on experience including but not limited to:
  • Cisco switches, routers and Firewalls
  • Juniper switches and routers
  • F5 Big-IP and Cisco ACE load balancers
  • Check Point Firewalls
  • Palo Alto (can be taught)

Monetary package is up to 70K (Bonus inclusive)
