1 Reply Latest reply on Nov 13, 2012 9:52 AM by richcol

    NTA 3.10 with ASA 5505 8.2(4) - no received netflows

    richcol

      I have downloaded a trial version of Solarwinds NTA 3.10.0 and am attempting to collect Netflow from an ASA 5505 running 8.2(4)4. I have followed the instructions in the KB for "Configuring Cisco ASA devices for use with Orion NTA", have managed all Cisco ASA interfaces in Orion and added them all as monitored sources in NTA and been through the document "Best Practices for Troubleshooting NetFlow".

       

      A Wireshark trace running on the PC where the Orion trial NPM and NTA is running shows the Netflow (CFLOW) packets arriving form the ASA - the templates are present but with just "Flowset 1" showing in the trace. The NTA shows it has never received a Netflow packet from the ASA. I have been through the previous KB cases relating to ASAs with NTA. I have included the ASA 5505 Netflow configuration below and an output showing the flow export counters. Has anyone else seen this issue? Could it be an issue with running the trial software on a PC/laptop as opposed to a server?

       

      TestASA-1# show flow-export counters

       

      destination: inside 10.0.17.29 2055

        Statistics:

          packets sent                                             2631

        Errors:

          block allocation failure                                    0

          invalid interface                                           0

          template send failure                                       0

          no route to collector                                       0

       

      flow-export destination inside 10.0.17.29 2055

      flow-export template timeout-rate 1

      flow-export delay flow-create 60

      !

      access-list netflow-export extended permit ip any any

      !

      !

      class-map netflow-export-class

      match access-list netflow-export

      !

      policy-map global_policy

      class inspection_default

        inspect h323 h225

        inspect h323 ras

        inspect rsh

        inspect rtsp

        inspect sqlnet

        inspect skinny 

        inspect sunrpc

        inspect xdmcp

        inspect sip 

        inspect netbios

        inspect tftp

        inspect icmp

        inspect ftp

        inspect snmp

      class netflow-export-class

        flow-export event-type all destination 10.0.17.29

      !

      service-policy global_policy global