Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

ASA support for netflow in 8.2(1)

This is just something I ran across. Netflow does not seem to work properly in ASA release 8.2(1). However 8.2(2) works just fine.

Find more posts tagged with

Accepted answers

chris.lapoint

I think that 8.2(2).9 may have a problem with NTA 3.6, I've confirmed that the server Orion is running on is recieving netflow from the ASA and confirmed that our global network/sec op teams are recieving netflow on their QRadar box from the ASA but Orion isn't showing the data and believes the last time it received netflow from that box was the day I updated the ASA software to 8.2(2).9.
Is this a known issue?

I haven't heard this come up in our bug reviews. Please go ahead and submit a support ticket and we'll investigate.

All comments

MarieB

Hi Donald--

Thanks for the info. Have you seen the NTA FAQ? It has ASA posts in it that may help the situation.

This has been marked to the PM, too.

Thx,

Sohail.Bhamani

There is great information about this here:

http://support.solarwinds.com/kbase/ProblemDetail.cfm?ID=1264

The bug is known on versions before 8.2(11). The bug has to do with the ASA not sending the ifIndex in the netflow packet to Orion NTA. This would still show data, but it would show from the wrong interface (ie Null0, etc). Once you are on 8.2(12) or newer, this bug is fixed.

Hope this helps.

Donald_Francis

Sohail , I know about the interface issue I was the person whom actually filed the bug with Cisco and worked with SW on it. But in 8.2(1) there was no such issue. What I found was that the system said it was sending netflows but it actually was not. When I jumped to 8.2(2) with no other changes I had netflows going out just fine.

Donald_Francis

You also have your versions wrong. I do not mean to be a smarty pants I just wanted to be clear on everything and not have everyone confused.

8.2(1)-12 is what you are talking about not 8.2(12). The latest code is only 8.2(2)

Sohail.Bhamani

Right! 8.2.1(12) is known to be good. I recently worked with a customer with a preview release 8.3 so that should be coming soon as well.