2 Replies Latest reply on Nov 9, 2015 12:44 PM by acgarton

    Cisco ASA NetFlow is not detected on the selected interface

    swindsor

      Hello,

       

      Has anyone got RTNA working with Cisco ASA firewalls?  I have an ASA5512 running 9.1(5) which I've configured as follows:

       

      flow-export destination <interface> <ip address> 2055
      access-list global_mpc extended permit ip any any
      class-map global_class
        match access-list global_mpc
      policy-map global_policy
        class global_class
          flow-export event-type all destination <ip address>
      service-policy global_policy global

       

      When I enter the SNMP community into RTNA (version 10.8.0.5), I see the hostname of our ASA, and all the interfaces listed along with their current utilisation, but without anything in the "Flow Type" column.  When I select any interface and click the "Start Flow Capture" button, it gives me the error "NetFlow is not detected on the selected interface".  I have confirmed with Wireshark that the NetFlow data is hitting my PC and with TCPView that NetFlowRealtime.exe is listening on port 2055/UDP.  As per http://thwack.solarwinds.com/thread/51798#181807 I deleted the SNMP community and restarted, and I still saw the interfaces, but without the utilisation.  I've tried graphing a 2801 router and this worked successfully, though I did set this up using NetFlow Configurator, which I can't do with the firewall because it doesn't support SNMP set.

       

      Thanks

       

      Stephen

        • Re: Cisco ASA NetFlow is not detected on the selected interface
          hammondo

          Hello Stephen,


          I just checked my ASA 5520 config and the netflow-related items match yours so I believe you are good to go on the ASA side of things - I had the NetFlow tool Scrutinizer running on this same server (I am now running RNA on this server) before, and it showed NetFlow data for my ASAs.  I too am not having luck in getting the RNA to work with my ASAs however - I also see nothing in the Flow Type column for the ASA's interfaces yet I see traffic data for them, in RNA.  I also get that error when I select an interface with traffic data, and click Start Flow Capture.  I too have confirmed that the udp 2055 traffic is hitting the server and that per my netstat -an output the server is listening on udp 2055.  And I double-checked and see that no other netflow applications are running on this server.  I'll certainly advise if I find anything out.  Thanks!

           

          Steve

          • Re: Cisco ASA NetFlow is not detected on the selected interface
            acgarton

            ASAs and SolarWinds don't play well together sometimes.  There was an issue where SolarWinds did not support the NSEL flexible template format that ASAs used.  This was apparently fixed in NTA, but I don't know about RTNA.  The ASA NetFlow format is a bit wacky in fact - there are several collectors that have problems reading the data.  You are in a bit of a catch-22 here: just sit and hope someone has got it to work here on Thwack, or buy NTA, which you would get support for, but not need because NTA seems to collect ASA flows properly.
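
An added example, not part of the thread and not SolarWinds or Cisco code: a small parser to run over the UDP payload of one export packet captured on port 2055, to confirm the ASA is sending NetFlow v9 and to see which NSEL fields its templates carry. The NSEL field IDs are the ones Cisco documents for ASA NSEL records; the function names and the sample packet are constructed for illustration.

```python
import struct

# Field type IDs that Cisco documents for ASA NSEL records (subset).
NSEL_FIELDS = {233: "NF_F_FW_EVENT", 33000: "NF_F_INGRESS_ACL_ID",
               33001: "NF_F_EGRESS_ACL_ID", 33002: "NF_F_FW_EXT_EVENT",
               40000: "NF_F_USERNAME"}

def inspect_v9(payload):
    """Summarise one NetFlow v9 export packet (the UDP payload only)."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte v9 header")
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", payload)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field = {version})")
    report = {"source_id": source_id, "templates": {}, "data_flowsets": []}
    off = 20
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack_from("!HH", payload, off)
        if fs_len < 4 or off + fs_len > len(payload):
            raise ValueError(f"bad flowset length {fs_len} at offset {off}")
        if fs_id == 0:                      # template flowset
            pos, end = off + 4, off + fs_len
            while pos + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", payload, pos)
                pos += 4
                if tid < 256 or pos + 4 * nfields > end:
                    break                   # padding or truncated record
                fields = [struct.unpack_from("!HH", payload, pos + 4 * i)
                          for i in range(nfields)]
                pos += 4 * nfields
                nsel = sorted(NSEL_FIELDS[t] for t, _ in fields if t in NSEL_FIELDS)
                report["templates"][tid] = {"fields": fields, "nsel": nsel}
        elif fs_id >= 256:                  # data flowset, id = template id
            report["data_flowsets"].append(fs_id)
        off += fs_len
    return report

def missing_templates(report):
    """Data flowsets in this packet that no template in it describes."""
    return [i for i in report["data_flowsets"] if i not in report["templates"]]

# Constructed sample (not a capture from the thread): template 256 with two
# standard and two NSEL fields, one matching data flowset, one orphan (263).
SAMPLE_PACKET = (
    struct.pack("!HHIIII", 9, 3, 1000, 1447072000, 1, 0)
    + struct.pack("!HHHH", 0, 24, 256, 4)
    + struct.pack("!8H", 8, 4, 12, 4, 233, 1, 33002, 2)
    + struct.pack("!HH", 256, 16) + bytes([10, 0, 0, 1, 10, 0, 0, 2, 1, 0, 0, 0])
    + struct.pack("!HH", 263, 8) + bytes(4)
)
```

A template whose `nsel` list is non-empty is an NSEL template, which is the format the last reply says some collectors fail to read; a data flowset reported by `missing_templates` cannot be decoded until its template has been seen.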