Cisco ASA NetFlow is not detected on the selected interface

Hello,

Has anyone got RTNA working with Cisco ASA firewalls?  I have an ASA5512 running 9.1(5) which I've configured as follows:

flow-export destination <interface> <ip address> 2055

access-list global_mpc extended permit ip any any

class-map global_class

match access-list global_mpc

policy-map global_policy

class global_class

  flow-export event-type all destination <ip address>

service-policy global_policy global

When I enter the SNMP community into RTNA (version 10.8.0.5), I see the hostname of our ASA, and all the interfaces listed along with their current utilisation, but without anything in the "Flow Type" column.  When I select any interface and click the "Start Flow Capture button", it gives me the error "NetFlow is not detected on the selected interface".  I have confirmed with Wireshark that the NetFlow data is hitting my PC and with TCPView that NetFlowRealtime.exe is listening on port 2055/UDP.  As per http://thwack.solarwinds.com/thread/51798#181807 I deleted the SNMP community and restarted, and I still saw the interfaces, but without the utilisation.  I've tried graphing a 2801 router and this worked successfully, though I did set this up using NetFlow Configurator, which I can't do with the firewall because it doesn't support SNMP set.

Thanks

Stephen

Parents
  • ASAs and Solarwinds don't play well together sometimes.  There was an issue where Solarwinds did not support the NSEL flexible template format that ASAs used.  This was apparently fixed in NTA, but I don't know about RTNA.  The ASA netflow format is a bit wacky in fact - there are several collectors that have problems reading the data.  You are in a bit of a catch 22 here, just sit and hope someone has got it to work here on Thwack, or buy NTA, which you would get support for, but not need because NTA seems to collect ASA flows properly. emoticons_sad.png

Reply
  • ASAs and Solarwinds don't play well together sometimes.  There was an issue where Solarwinds did not support the NSEL flexible template format that ASAs used.  This was apparently fixed in NTA, but I don't know about RTNA.  The ASA netflow format is a bit wacky in fact - there are several collectors that have problems reading the data.  You are in a bit of a catch 22 here, just sit and hope someone has got it to work here on Thwack, or buy NTA, which you would get support for, but not need because NTA seems to collect ASA flows properly. emoticons_sad.png

Children
No Data