nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Netflow on a Cisco ASA 5540

lchance

Does anyone have this model or one similar discovered into Orion? I'm not seeing any Netflow from this device at Orion NTA.

Does an ASA require a Loopback to be defined for sourcing flows?

Find more posts tagged with

Accepted answers

All comments

MarieB

Hi Larry--

I found this post on monitoring ASA devices. It does not specifically discuss the 5540 and I don't see that on my list of supported devices either, but it will hopefully be of some help.

Let me know,

lchance

Thanks Marie.

FYI - I just got some additional info about this, it is not in place yet, but I hope it will help this issue. Maybe the info will be helpful for others out there...

policy-map global_policy

class class-default

flow-export event-type all destination x.x.x.x yy

chris.lapoint

Here's a document we created on how to configure Cisco ASA export NetFlow for NTA: http://knowledgebase.solarwinds.com/kb/questions/795/Configuring+Cisco+ASA+devices+for+use+with+Orion+NTA

lchance

This is NTA 3.6

And I've just confirmed by using Wireshark that the Orion server is receiving Netflow v9 packets from this ASA.

But I can never get it manually or automatically to show up as a source inside NTA.

Do I need to open a support ticket for this or is there something I'm missing?

chris.lapoint

Is it receiving any templates? One of the issues we've seen is if you don't set the template timeout rate appropriately (i.e. every 1 minute), we won't be able to decode the packets we're receiving. If that isn't the issue, then yes, I'd recommend submitting a ticket and we'll dig into this further.

lchance

Chris,

When you ask if it is receiving any templates, I guess you mean the 'Flowset' (?) If so, then yes.

I will confirm the Template Timeout value. Is this a value adjusted to the environment or else 1 minute is always best? Just wondering if we should increase it.

chris.lapoint

What version of Cisco ASA release are you running? I know we had some issues with some older Cisco ASA software release versions where interfaces were being reported with the wrong indexes in flows preventing us from mapping them in Orion. Are you seeing any "received flow" events on the NTA summary view for the Cisco ASA?

mcbridea

It looks like the ASA is only exporting templates. The OS version and some detail on the config will help.

lchance

Chris & Andy,

This is 8.2(3)

Is that my problem?

mcbridea

8.2(3) should be OK. I have seen this issue when an exporter has a destination to collector configured but the config for the flow is a problem. Have you checked your config against the KB posted? I know the ASA has a limited set of show commands available but if there is something analogous to 'show ip flow export' that would help isolate the issue.