5 Replies Latest reply on Dec 24, 2014 12:55 PM by choly

    Netflow appears different between ASA and edge router

    ctrader

      I have set up NetFlow on both our ASA and our edge router. When I look at the NetFlow graphs in SolarWinds for the edge router, they correlate with what I am seeing on the SNMP graphs. However, when I look at the NetFlow graphs in SolarWinds for the ASA, they don't correlate with what I am seeing on the SNMP graphs for the same interface. I did some looking around, and it looks like the ASA doesn't actually send information about a flow until the connection is torn down. This results in spikes appearing on the graphs. Is there a way to change something on the ASA so that I don't see spikes, and instead see the actual flow of traffic like I do with the edge router? The ASA is using NetFlow v9. Below are some graphs that will hopefully help with this. The other issue that I am having is that on our "outside" interface on the ASA, it looks like NetFlow has the ingress and egress reversed.

       

      NOTE: Our internet connection is a 20Mbps symmetrical service

       

      Here is what I see for utilization on the ASA using SNMP (blue ingress, green egress):

      asa_snmp.PNG

      Here is what I see for traffic on the ASA using Netflow (ingress):

      asa_netflow_ingress.PNG

       

      Here is what I see for traffic on the ASA using Netflow (egress):

      asa_netflow_egress.PNG