5 Replies Latest reply on Mar 31, 2011 9:00 AM by jeff.stewart

    netflow analyzer on asa 5505

      I downloaded and installed SolarWinds Real-Time NetFlow Analyzer.

      I have a Cisco ASA 5505 running IOS 8.3(x) and set up SNMP community v2.

      I configured NetFlow on it using the following commands.

      (config)# flow-export destination inside 10.2.2.2 2055
      (config)# flow-export template timeout-rate 1
      (config)# flow-export delay flow-create 60
      (config)# logging flow-export-syslogs disable
      (config)# access-list netflow-export extended permit ip any any
      (config)# class-map netflow-export-class
      (config-cmap)# match access-list netflow-export
      (config)# policy-map netflow-export-policy
      (config-pmap)# class netflow-export-class
      (config-pmap-c)# flow-export event-type all destination 10.2.2.2

       

      In the NetFlow Analyzer configuration, I was able to see the ASA 5505 using the SNMP community. It shows me the traffic going in and out on all interfaces. However, I can't click on the inside interface to show me the network. When I do that, it tells me that NetFlow is not set up on this interface.

      What else do I need to do so I can use this product?

      Thanks

        • Re: netflow analyzer on asa 5505
          Donald_Francis

          I think the policy needs to be applied to the global policy that is there by default. Below is the template I use.

          access-list netflow-hosts extended permit ip any any
          !
          flow-export destination inside 10.x.x.x 2055
          class-map NetFlow-traffic
           match access-list netflow-hosts
          !
          policy-map global_policy
           class NetFlow-traffic
            flow-export event-type all destination 10.x.x.x

            • Re: netflow analyzer on asa 5505

              Hello Donald,

              Thanks for the reply. Per your suggestion, I did add it to the global_policy instead of its own policy. I still have the same problem. In the real-time analyzer, I can see the traffic in and out on all interfaces, including the inside interface. However, there is nothing for the sending NetFlow section so I can start capturing it.

              I am not sure if there is a bug with Cisco IOS v8.3 or what. I was able to download NetFlow Analyzer from ManageEngine, and it picked up the NetFlow traffic.

              I am just stumped as to why I can see it on SolarWinds NetFlow.

              Thanks

            • Re: netflow analyzer on asa 5505
              Donald_Francis

              I think you need to add your policy to the global policy. Below is the config I use.

              access-list netflow-hosts extended permit ip any any
              !
              flow-export destination inside 10.x.x.x 2055
              class-map NetFlow-traffic
               match access-list netflow-hosts
              !
              policy-map global_policy
               class NetFlow-traffic
                flow-export event-type all destination 10.x.x.x

              • Re: netflow analyzer on asa 5505
                Donald_Francis

                I think you need to apply your policy to the global policy.
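
Added example, not part of any post in this thread: a small Python check for the point made in the replies, that a policy-map carrying a flow-export action has to be applied through the global service policy. The function names are hypothetical, both inputs are constructed from the configs quoted above, and the `service-policy global_policy global` line in the second input is an assumption (it is in the ASA default configuration but is not shown in the thread).

```python
import re

PROMPT = re.compile(r"^\s*\([\w-]+\)#\s*")  # strips "(config-pmap-c)# " style prompts

def flow_export_attachments(config):
    """Return {policy-map name: attachment or None} for every policy-map
    that contains a 'flow-export event-type' action."""
    exporting, attached, current = [], {}, None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        m = re.match(r"policy-map\s+(\S+)$", line)
        if m:
            current = m.group(1)
        elif line.startswith("flow-export event-type") and current:
            # This action only exists in policy-map class mode, so it
            # belongs to the most recently opened policy-map.
            if current not in exporting:
                exporting.append(current)
        else:
            m = re.match(r"service-policy\s+(\S+)\s+(global|interface\s+\S+)$", line)
            if m:
                attached[m.group(1)] = m.group(2)
    return {name: attached.get(name) for name in exporting}

def unattached(config):
    """Policy-maps with flow-export actions that are not applied globally."""
    return [name for name, where in flow_export_attachments(config).items()
            if where != "global"]

# Constructed input 1: the policy lines from the first post, as pasted there.
FIRST_POST = """\
(config)# class-map netflow-export-class
(config-cmap)# match access-list netflow-export
(config)# policy-map netflow-export-policy
(config-pmap)# class netflow-export-class
(config-pmap-c)# flow-export event-type all destination 10.2.2.2
"""

# Constructed input 2: the policy lines from the reply's template, plus the
# assumed 'service-policy global_policy global' line (ASA default config).
REPLY_TEMPLATE = """\
class-map NetFlow-traffic
 match access-list netflow-hosts
policy-map global_policy
 class NetFlow-traffic
  flow-export event-type all destination 10.x.x.x
service-policy global_policy global
"""

if __name__ == "__main__":
    print(unattached(FIRST_POST), unattached(REPLY_TEMPLATE))
```

Run against the output of `show running-config`, a non-empty result from `unattached()` names the policy-maps whose flow-export actions are not applied by the global service policy.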