NETFLOW data not received from external router through ASA Firewall

Hi

I'm using an external Cisco router 3640 running software version 12.1. I configured it to send NetFlow data to a server (which is in my internal network) running SolarWinds NPM v10.4.1 and NTA v3.10. The NetFlow data is supposed to flow through a Cisco ASA Firewall 5510.

Router 3640 (F0/0) ====== (Ethernet 0/0) ASA Firewall 5510 ====== server running NTA (10.13.67.79)

The problem is that I'm unable to receive the NetFlow data on my server.

ROUTER config

    interface FastEthernet0/0
     description *** Link to Firewall ***
     bandwidth 1000
     ip address 196.20.66.145 255.255.255.240
     ip route-cache flow
     ip policy route-map Traffic_to_SLC
     speed 100
     full-duplex

    ip flow-export source FastEthernet0/0
    ip flow-export version 5
    ip flow-export destination 196.20.66.157 2055

Firewall Config

    static (inside, outside) 196.20.66.157 10.13.67.79 netmask 255.255.255.255
    access-list NETFLOW extend permit udp host 196.20.66.145 host 196.20.66.157 eq 2055
    access-group NETFLOW in interface outside

Any ideas to help me?

Thanks

  • You might try using the post-NAT address in your ACL. I can't remember how older ASA code handles this (I know you're running something older because of the "static" syntax), so no guarantees that it'll work:

    access-list NETFLOW extend permit udp host 196.20.66.145 host 10.13.67.79 eq 2055