Trouble viewing Netflow data from ASA5510

[mbrooks@esi911.com]

Hi, I have configured my ASA5510 to export netflow to my Scrutinizer v8.6.1.14902 collector. All indications are the collector see's the netflow data as the device has showed up and under devices I can see the interfaces after updating via SNMP. I cannot seem to figure out how to view any data at all from the ASA. Everything shows no data and no templates. Other routers and switches are working fine. Have already verified that the Template timeout is set to 1 minute and the transmission delay is set to 15 seconds. Please help.

Thanks,
Mike

[BenjaminM]

Are you running the free version or the evaluation version?
-The evaluation version has full functionality while the free version is limited.
If the Device showing up in Scrutinizer? If it is gray, than the devices may be set to inactive in the device details? (located in the admin tab under definitions)
If you have Wireshark, you can go to edit> preferences >protocols>UDP and then verify UDP Checksums. If you inspect one of the netflow packets and the checksums are not correct than the operating system is throwing them away before they get to scrutinizer.

[mbrooks@esi911.com]

Ok, device is/was enabled and checksums are correct according to Wireshark. Wireshark running on the collector definitely shows plenty of CFLOW netflow v9 traffic coming from the ASA.

Thanks,
Mike

[mbrooks@esi911.com]

Sorry, I missed answering your other question.... I am using the 'Free' version.

Mike

[mpatters]

Hello,

Did you setup the ASA to export NetFlow correctly? http://media.plixer.com/screencasts/ciscoAsaConfigurationUsingAsdm/ciscoAsaConfigurationUsingAsdm.html

I've also posted a video on reporting on NetFlow from the ASA:
http://media.plixer.com/screencasts/scrutV7ASA/scrutV7ASA/scrutV7ASA.html

I hope these help.

Mike

[mbrooks@esi911.com]

Ok, it appears the ASA is setup correctly to export Netflow to my collector. Running Wireshark on my collector I see many packets of Netflow traffic being sent to the collector from the ASA. I simply can't seem to figure out where to view the flows etc inside Scrutinizer. The ASA device shows up in the device explorer however when I click 'Show Interfaces' it reports 'There are no interfaces that match your search'.

[BenjaminM]

Hello Mike,

How many devices are you currently receiving NetFlow from? If you are running the free version as opposed to the evaluation version than Scrutinizer only supports 5 devices. If the ASA is the 6th than you may be experiencing these symptoms.

What color is the icon for the ASA in the device explorer?

What version of the ASA software are you running?

[mbrooks@esi911.com]

The ASA is only the third device. All three icons are green in the device explorer panel. ASA is running 8.2(5). ASDM version is 6.4(5).

Thanks

[BenjaminM]

Can you call into our Presales Tech Support line? 207-324-8805 x257

[mbrooks@esi911.com]

Ok I called in Monday afternoon and the guy who answered advised everyone was tied up at that time and that someone would return my call. So far I have not heard from anyone.

Thanks,
Mike

[BenjaminM]

Hello Mike,

We only provide Technical Support over the phone for customers who own the product or who are evaluating to purchase. Support for free customers can only be provided through the forums here. I apologize for the inconvenience.

Have you had a chance to view our blog post on configuring ASA via ASDM?
http://www.plixer.com/blog/netflow/sett ... -asdm-6-2/

[mbrooks@esi911.com]

Ok I understand. Was simply following the instructions that were posted above. I have reviewed and followed the instructions posted above Not sure where to go from here.

Mike

[tomp]

Can you post portions of your config related to NetFlow,

For instance, here is part of mine:

flow-export destination Inside xxx.xxx.xxx.xxx 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
!
class-map flow_export_class
match any
!
policy-map global_policy
description flow_export_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class flow_export_class
flow-export event-type all destination xxx.xxx.xxx.xxx

[tomp]

Additionally: what image version are you running on your ASA?

[mbrooks@esi911.com]

name xxx.xxx.xxx.xxx mbrooks-pc
flow-export destination Inside mbrooks-pc 9996
flow-export template timeout-rate 1
flow-export delay flow-create 15

class-map global-class
match any

policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect pptp
inspect http
inspect ip-options
class global-class
flow-export event-type all destination mbrooks-pc
class class-default
!

I am running ASA image 8.2(5). ASDM is 6.4(5).

Thanks,
Mike