
Updated Cisco ASA Netflow configuration when running software version 9.1.(2) or later

Created by Joseph Esquitin, last modified by Eric Bryant on Jan 18, 2017


Overview

This article provides an updated sample configuration for Cisco ASA devices running software version 9.1(2) or later. Cisco has added commands that help normalize the exported flow data and virtually remove the high traffic peaks seen with older configurations. The configuration template below is a known Cisco ASA configuration that works with Solarwinds Netflow. Use the example configuration as a starting point for a configuration specific to your environment.

Environment

  • NTA 3.7 or later
  • Cisco ASA with software versions 9.1(2) or higher

Detail

Cisco has added an active timeout command:

flow-export active refresh-interval 1   (ensures that all active flows are exported every minute)

In the past, the following event-type was thought to be the best option. However, with this event-type the Cisco ASA also exports the flow-teardown event, which carries the total byte count for the entire conversation. A collector that adds those totals on top of the periodic updates shows very high peaks and reports more traffic than actually passed through the circuit.

flow-export event-type all destination 1.1.1.1

It is now recommended to filter the exported events by adding only the following:

flow-export event-type flow-creation destination 1.1.1.1

flow-export event-type flow-denied destination 1.1.1.1

flow-export event-type flow-update destination 1.1.1.1
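As an added illustration (not part of this article and not a Cisco or SolarWinds tool), the following Python simulates how a collector that sums every exported byte counter reports one constructed flow under event-type all versus the recommended event types. It assumes, as described above, that flow-update carries the bytes transferred since the previous update and flow-teardown carries the cumulative total for the conversation; the event stream itself is constructed sample data.

```python
from collections import defaultdict

# Constructed NSEL event stream for a single TCP conversation that moves
# 3,000,000 bytes over about 200 seconds: (timestamp_s, event_type, bytes).
# flow-update = bytes since the previous update (refresh-interval 1 minute),
# flow-teardown = cumulative total for the whole flow (assumed semantics).
EVENTS = [
    (0,   "flow-creation", 0),
    (60,  "flow-update",   1_000_000),
    (120, "flow-update",   1_000_000),
    (180, "flow-update",   1_000_000),
    (200, "flow-teardown", 3_000_000),   # total bytes of the conversation
]

# Event sets produced by "event-type all" and by the recommended filter.
EXPORT_ALL = {"flow-creation", "flow-denied", "flow-update", "flow-teardown"}
EXPORT_RECOMMENDED = {"flow-creation", "flow-denied", "flow-update"}

def bytes_per_minute(events, exported):
    """Sum the byte counters of the exported events into one-minute buckets,
    the way a collector that naively adds every counter it receives would."""
    buckets = defaultdict(int)
    for ts, etype, nbytes in events:
        if etype in exported:
            buckets[ts // 60] += nbytes
    return dict(buckets)

def total_reported(events, exported):
    """Total bytes the collector would attribute to this flow."""
    return sum(bytes_per_minute(events, exported).values())

def peak_minute(events, exported):
    """Largest one-minute byte count; this is where the spike shows up."""
    return max(bytes_per_minute(events, exported).values())

if __name__ == "__main__":
    actual = 3_000_000
    for label, exported in (("all", EXPORT_ALL), ("recommended", EXPORT_RECOMMENDED)):
        print(f"{label:12s} total={total_reported(EVENTS, exported):,} "
              f"peak/min={peak_minute(EVENTS, exported):,} actual={actual:,}")
```

With event-type all the teardown total lands in the same minute as the last update, doubling the reported volume and producing the peak the article describes; the recommended filter reports exactly the bytes that crossed the device.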

Full sample configuration below (the new commands are annotated with parenthetical notes):

flow-export destination inside 1.1.1.1 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
flow-export active refresh-interval 1   (new: ensures that all active flows are exported every minute)
access-list netflow-export extended permit ip any any
class-map netflow-export-class
  match access-list netflow-export
policy-map global_policy   (the global policy)
  class netflow-export-class   (new: the following three commands are added to the global policy)
    flow-export event-type flow-creation destination 1.1.1.1
    flow-export event-type flow-denied destination 1.1.1.1
    flow-export event-type flow-update destination 1.1.1.1
service-policy global_policy global

Note: If a global policy already exists, add the Netflow class to it rather than creating a second global policy.

For security reasons, some devices may only be configurable through the ASDM console. For an example of a configuration walkthrough, see Configuring NetFlow on ASA with ASDM.

Helpful links

Cisco ASA configuration sample when running other versions:

Example NetFlow Config - Cisco ASA
