I am running a trial version of NTA and trying to get data off a Cisco ASA 5510. I have it configured to send to the server, but it is not seeing anything coming from the ASA. I need to know that this can be done, otherwise we wont purchase it.
OK its working now. It turned out to be how Orion is routing to the ASA.
NTA can successfully accept Netflow data from Cisco ASA 8.2 and higher. Cisco uses Netflow v9 NSEL template. This sends the information in two parts, Template information and data. The most common issues are that the devices is not sending one or the other. The best way to identify which is the issue is by performing a data capture form the Orion server and investigating the packets. NOTE: If you already have an existing Global policy then you will just need to add the Netflow policy to it.
access-list netflow-export extended permit ip any any
flow-export destination inside 172.27.1.9 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
class-map netflow-export-class
match access-list netflow-export
policy-map global_policy
class netflow-export-class
flow-export event-type all destination 172.27.1.9
service-policy global_policy global
