
Updated Cisco ASA NetFlow configuration when running software version 9.1(2) or later


Updated January 18th, 2017

Overview

This article provides an updated sample configuration for Cisco ASA running software version 9.1(2) or later. Cisco has added commands that better normalize the exported traffic and virtually remove the high peaks seen with older configurations. The configuration template below is a known Cisco ASA configuration that works with SolarWinds NetFlow Traffic Analyzer. Use the example configuration here to build your own configuration specific to your environment.

Environment

  • NTA 3.7 or later
  • Cisco ASA with software versions 9.1(2) or higher

Detail

Cisco has added an active timeout command, which ensures all active flows are exported every 1 minute:

flow-export active refresh-interval 1

In the past, the event-type below was thought to be the best option. However, with this event-type Cisco ASA also exports the flow-teardown event, which carries the total byte count for the entire conversation on top of the bytes already reported by the flow-update events. This causes very high peaks and shows more traffic than actually passed through the circuit.

flow-export event-type all destination 1.1.1.1

 

It is now recommended to filter the events by adding only the following:

flow-export event-type flow-creation destination 1.1.1.1

flow-export event-type flow-denied destination 1.1.1.1

flow-export event-type flow-update destination 1.1.1.1
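The accounting problem described above can be seen with a small simulation. The Python below is an added example, not code from the SolarWinds article or from Cisco: it feeds constructed NSEL-style event records to a collector-style summation and compares the totals and per-minute peaks obtained with "event-type all" against those obtained with the recommended flow-creation / flow-denied / flow-update filter. It assumes, as the article states, that flow-update records carry the bytes seen since the previous report while flow-teardown carries the total for the whole conversation.

```python
# Added example (not from the SolarWinds article): simulates how a collector
# sums bytes from Cisco ASA NSEL event records, to show why exporting
# "event-type all" inflates traffic and produces a peak at flow teardown.
# The records below are constructed, not captured from a device. Assumption,
# following the article: flow-update carries bytes since the previous report,
# flow-teardown carries the cumulative total for the whole conversation.
from collections import defaultdict

CONSTRUCTED_RECORDS = [
    # (minute, event type, flow id, bytes carried in this record)
    (0, "flow-creation", 1, 0),
    (0, "flow-denied",   2, 0),
    (1, "flow-update",   1, 1000),
    (1, "flow-creation", 3, 0),
    (2, "flow-update",   1, 2000),
    (2, "flow-update",   3, 500),
    (3, "flow-teardown", 1, 3000),  # total of the 1000 + 2000 already reported
    (3, "flow-teardown", 3, 500),   # total of the 500 already reported
]

# Event types the article recommends exporting (flow-teardown deliberately left out).
RECOMMENDED_EVENTS = frozenset({"flow-creation", "flow-denied", "flow-update"})


def keep(records, allowed=None):
    """Filter records to the allowed event types; None keeps everything ('event-type all')."""
    return [r for r in records if allowed is None or r[1] in allowed]


def bytes_per_flow(records, allowed=None):
    """Bytes a collector would attribute to each flow id."""
    totals = defaultdict(int)
    for _minute, _event, flow, nbytes in keep(records, allowed):
        totals[flow] += nbytes
    return dict(totals)


def bytes_per_minute(records, allowed=None):
    """Bytes a collector would chart for each one-minute bucket."""
    buckets = defaultdict(int)
    for minute, _event, _flow, nbytes in keep(records, allowed):
        buckets[minute] += nbytes
    return dict(buckets)


def peak_minute(records, allowed=None):
    """(minute, bytes) of the highest bucket, i.e. the spike the article describes."""
    buckets = bytes_per_minute(records, allowed)
    minute = max(buckets, key=buckets.get)
    return minute, buckets[minute]


def overcount_ratio(records):
    """Total from 'event-type all' divided by the total from the recommended filter."""
    everything = sum(bytes_per_flow(records).values())
    filtered = sum(bytes_per_flow(records, RECOMMENDED_EVENTS).values())
    return everything / filtered


def teardown_seen(records):
    """Collector-side check: teardown records mean the ASA still exports 'event-type all'."""
    return any(event == "flow-teardown" for _m, event, _f, _b in records)


if __name__ == "__main__":
    print("event-type all    :", bytes_per_minute(CONSTRUCTED_RECORDS))
    print("recommended filter:", bytes_per_minute(CONSTRUCTED_RECORDS, RECOMMENDED_EVENTS))
    print("overcount ratio   :", overcount_ratio(CONSTRUCTED_RECORDS))
```

With these constructed records the unfiltered view reports exactly twice the bytes of the filtered view, and its busiest minute is the teardown minute rather than the minute in which the traffic actually passed. The teardown_seen check is a quick way to tell from the collector side whether a firewall is still exporting with event-type all.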

 

Full sample configuration below (the commands new in 9.1(2) are marked with comment lines):

flow-export destination inside 1.1.1.1 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
! New: ensures all active flows are exported every 1 minute
flow-export active refresh-interval 1
access-list netflow-export extended permit ip any any
class-map netflow-export-class
 match access-list netflow-export
! Global Policy
policy-map global_policy
 class netflow-export-class
  ! New: the following three commands should be added to the Global Policy
  flow-export event-type flow-creation destination 1.1.1.1
  flow-export event-type flow-denied destination 1.1.1.1
  flow-export event-type flow-update destination 1.1.1.1
service-policy global_policy global

 

Note: If a global policy already exists, add the NetFlow policy map to it.

In some environments the device can only be configured through the ASDM console for security reasons. For an example of a configuration walk-through, see Configuring NetFlow on ASA with ASDM.
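Before rolling the template out, it is useful to be able to check a device's running configuration against it. The checker below is an added example, not code from the SolarWinds article or a SolarWinds or Cisco tool: it parses an ASA configuration snippet using the one-space-per-level indentation that ASA uses for policy-map contents and reports the departures from the article's recommendations (missing destination, missing active refresh interval, event-type all, missing event types, or a policy map that is not applied globally). Both configuration strings are constructed from the article's sample, not exported from a real device.

```python
# Added example (not from the SolarWinds article): a small checker that reads a
# Cisco ASA configuration snippet and reports where it departs from the article's
# recommended NetFlow (NSEL) setup. Both configs are constructed from the
# article's sample, not exported from a real device.
RECOMMENDED_EVENTS = frozenset({"flow-creation", "flow-denied", "flow-update"})

RECOMMENDED_CONFIG = """\
flow-export destination inside 1.1.1.1 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
flow-export active refresh-interval 1
access-list netflow-export extended permit ip any any
class-map netflow-export-class
 match access-list netflow-export
policy-map global_policy
 class netflow-export-class
  flow-export event-type flow-creation destination 1.1.1.1
  flow-export event-type flow-denied destination 1.1.1.1
  flow-export event-type flow-update destination 1.1.1.1
service-policy global_policy global
"""

# The older style the article says to move away from: 'event-type all' and no
# active refresh interval.
LEGACY_CONFIG = """\
flow-export destination inside 1.1.1.1 2055
flow-export template timeout-rate 1
access-list netflow-export extended permit ip any any
class-map netflow-export-class
 match access-list netflow-export
policy-map global_policy
 class netflow-export-class
  flow-export event-type all destination 1.1.1.1
service-policy global_policy global
"""


def event_types_in_policy_maps(lines):
    """Return [(policy-map name, event type)] for flow-export lines under a class."""
    found = []
    policy_map = None
    in_class = False
    for line in lines:
        indent = len(line) - len(line.lstrip(" "))
        text = line.strip()
        if indent == 0:
            # ASA running-config indents policy-map contents by one space per level
            policy_map = text.split()[1] if text.startswith("policy-map ") else None
            in_class = False
        elif policy_map and indent == 1 and text.startswith("class "):
            in_class = True
        elif policy_map and in_class and text.startswith("flow-export event-type "):
            found.append((policy_map, text.split()[2]))
    return found


def check_nsel_config(config_text):
    """Return a list of findings; an empty list means the config follows the article."""
    findings = []
    lines = [ln.rstrip() for ln in config_text.splitlines() if ln.strip()]
    top_level = [ln.strip() for ln in lines if not ln.startswith(" ")]

    if not any(ln.startswith("flow-export destination ") for ln in top_level):
        findings.append("no flow-export destination configured")
    if "flow-export active refresh-interval 1" not in top_level:
        findings.append("flow-export active refresh-interval 1 is missing (9.1(2) and later)")

    events = event_types_in_policy_maps(lines)
    seen = {ev for _pm, ev in events}
    if not events:
        findings.append("no flow-export event-type commands under a policy-map class")
    elif "all" in seen:
        findings.append("event-type all also exports flow-teardown totals and inflates byte counts")
    else:
        missing = sorted(RECOMMENDED_EVENTS - seen)
        if missing:
            findings.append("missing event types: " + ", ".join(missing))

    # The policy map carrying the NetFlow class must be applied globally.
    for pm in {pm for pm, _ev in events}:
        if f"service-policy {pm} global" not in top_level:
            findings.append(f"policy-map {pm} is not applied with 'service-policy {pm} global'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("recommended", RECOMMENDED_CONFIG), ("legacy", LEGACY_CONFIG)):
        print(name, check_nsel_config(cfg) or ["ok"])
```

Feed it the output of show running-config (or the relevant section of it) and an empty list means the NetFlow export matches the article; the legacy sample produces two findings, one for the missing active refresh interval and one for event-type all.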

 

Helpful links

Cisco ASA configuration sample when running other versions:

Example NetFlow Config - Cisco ASA

Last modified
09:26, 31 Jul 2017
