nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Netflow on a Cisco ASA 5540

lchance

Does anyone have this model or one similar discovered into Orion? I'm not seeing any Netflow from this device at Orion NTA.

Does an ASA require a Loopback to be defined for sourcing flows?

Find more posts tagged with

Accepted answers

All comments

MarieB

Hi Larry--

I found this post on monitoring ASA devices. It does not specifically discuss the 5540 and I don't see that on my list of supported devices either, but it will hopefully be of some help.

Let me know,

lchance

Thanks Marie.

FYI - I just got some additional info about this, it is not in place yet, but I hope it will help this issue. Maybe the info will be helpful for others out there...

policy-map global_policy

class class-default

flow-export event-type all destination x.x.x.x yy

chris.lapoint

Here's a document we created on how to configure Cisco ASA export NetFlow for NTA: http://knowledgebase.solarwinds.com/kb/questions/795/Configuring+Cisco+ASA+devices+for+use+with+Orion+NTA

lchance

This is NTA 3.6

And I've just confirmed by using Wireshark that the Orion server is receiving Netflow v9 packets from this ASA.

But I can never get it manually or automatically to show up as a source inside NTA.

Do I need to open a support ticket for this or is there something I'm missing?

chris.lapoint

Is it receiving any templates? One of the issues we've seen is if you don't set the template timeout rate appropriately (i.e. every 1 minute), we won't be able to decode the packets we're receiving. If that isn't the issue, then yes, I'd recommend submitting a ticket and we'll dig into this further.

Delgee

Chris,

You are saying we need to set the template timeout rate appropriately which is 1 minute. Why? Why it must be 1 minute?

I was having problem with NTA that it wasn't showing my netflow info. ASA was sending the netflow but wireshark packet capture said there was no template. The ASA template time-out rate was at 30 min which is the default.

Changing it to 1min fixed the problem and NTA is showing netflow info but changing it back to even 5 minutes is not working.

I've already opened ticket with support and fixed the problem so I just want to know why we need to set it to 1 min?

Regards,
Delgee

mcbridea

1 Minute ensures that you will always have a valid template.