Solved

Netflow on Cisco ASA 5505

Posted on 2009-07-03
Last Modified: 2013-11-16
I am running 8.2.1 on a couple of Cisco ASA 5505s at two different sites. The sites are connected via a site-to-site VPN. I have successfully configured NetFlow on the ASA at site 1 to report to a local application. I am having difficulty getting the ASA at site 2 to communicate with the app at site 1. On the site 2 ASA, I have run the following commands:

flow-export destination outside 12.12.12.12 2055
flow-export template timeout-rate 5
flow-export enable

12.12.12.12 represents the public IP at site 1. The software vendor prefers that the NetFlow traffic be sent to the public IP rather than over the VPN to site 2's private address (192.168.100.1). I have verified (sh flow-export counters) that packets are being sent from site 2.

I have the following in the ASA config at site 1:

access-list outside_in extended permit tcp any any eq 2055
access-list outside_in extended permit udp any any eq 2055
access-group outside_in in interface outside

static (inside,outside) tcp interface 2055 192.168.100.10 2055 netmask 255.255.255.255
static (inside,outside) udp interface 2055 192.168.100.10 2055 netmask 255.255.255.255

When I do a 'sh access-list outside_in' I don't see any matches.

Can anyone see an obvious error with this? It looks OK to me... I even threw in TCP/UDP just to cover the bases. Any help is appreciated.

Question by: FIFBA

3 Comments
Expert Comment by MikeKane (LVL 33), ID: 24773620
I don't see anything wrong with the code you have.

Is site 1's ASA reporting any dropped packets in the syslog?

Accepted Solution by lrmoore (LVL 79, earned 500 total points), ID: 24774601
>access-list outside_in extended permit udp any any eq 2055
ASA likes the keyword "interface" best...

access-list outside_in extended permit udp any interface outside eq 2055

Else I would highly suggest just going through the VPN tunnel and telling the vendor to deal with it.

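Added example (not code from any participant in this thread): a minimal NetFlow v9 listener and decoder for the collector host at site 1 (192.168.100.10 in the question), to confirm whether site 2's exports actually arrive on UDP 2055 and to flag datagrams from unexpected sources, since the ACL above admits any source toward the public IP. The sample datagram and the exporter address 203.0.113.2 are constructed placeholders.

```python
import socket
import struct

# Constructed sample: a v9 datagram with one template FlowSet, which an exporter must send before
# its data FlowSets can be decoded (the ASA resends it every 'template timeout-rate' minutes).
SAMPLE_V9 = (
    struct.pack("!HHIIII", 9, 1, 123456, 1246579200, 42, 0)  # 20-byte v9 header
    + struct.pack("!HH", 0, 20)                              # FlowSet id 0 (templates), 20 bytes
    + struct.pack("!HH", 256, 3)                             # template 256 with 3 fields
    + struct.pack("!HHHHHH", 8, 4, 12, 4, 7, 2)              # IPV4_SRC_ADDR, IPV4_DST_ADDR, L4_SRC_PORT
)

def parse_templates(body):
    """Template FlowSet body: repeated (template_id, field_count, field_count x (type, len))."""
    templates, pos = {}, 0
    while pos + 4 <= len(body):
        tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
        if nfields == 0: break  # zero padding at the end of the FlowSet
        pos += 4
        templates[tid] = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4]) for i in range(nfields)]
        pos += 4 * nfields
    return templates

def parse_v9(datagram):
    """Decode the v9 header and walk its FlowSets; data FlowSets (id >= 256) are only sized here."""
    if len(datagram) < 20 or datagram[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 datagram")
    version, count, _uptime, secs, seq, source_id = struct.unpack("!HHIIII", datagram[:20])
    flowsets, offset = [], 20
    while offset + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack("!HH", datagram[offset:offset + 4])
        if fs_len < 4 or offset + fs_len > len(datagram):
            raise ValueError("bad FlowSet length %d at offset %d" % (fs_len, offset))
        body = datagram[offset + 4:offset + fs_len]
        flowsets.append({"id": fs_id, "length": fs_len, "templates": parse_templates(body) if fs_id == 0 else None})
        offset += fs_len
    return {"version": version, "count": count, "unix_secs": secs, "sequence": seq, "source_id": source_id, "flowsets": flowsets}

def listen(port=2055, allowed_exporters=("203.0.113.2",)):
    """Bind the collector port and report each datagram; 203.0.113.2 is a placeholder for site 2's public IP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", port))
    while True:  # anything not from an expected exporter is flagged, since the ACL admits 'any'
        data, (src, _) = sock.recvfrom(65535)
        tag = "" if src in allowed_exporters else " UNEXPECTED SOURCE"
        try:
            hdr = parse_v9(data)
            print("%s seq=%d source_id=%d flowsets=%s%s" % (src, hdr["sequence"], hdr["source_id"], [(f["id"], f["length"]) for f in hdr["flowsets"]], tag))
        except ValueError as err:
            print("%s undecodable: %s%s" % (src, err, tag))
```

Call listen() on the collector host with the vendor application stopped, since only one process can bind UDP 2055; parse_v9(SAMPLE_V9) decodes the constructed sample offline.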
Expert Comment by jakemichaelwilson (LVL 1), ID: 25194328
Scrutinizer is free and it supports NetFlow from the Cisco ASA firewall:
http://www.plixer.com/products/netflow-sflow/free-netflow-scrutinizer.php

Here is how to configure it:
http://www.plixer.com/blog/netflow/netflow-security-event-logging-with-the-cisco-asa/ 

Mike
