« Scrutinizer v7 NetFlow and sFlow Analyzer: Status page overview
Test your NetFlow configuration with Flowalyzer »

Setting up the ASA to export NetFlow using Cisco ASDM 6.2

Posted in NetFlow on September 16th, 2009 by mike@plixer.com
setting-up-the-asa-to-export-netflow-using-cisco-asdm-6-2

Get started with Cisco ASDM 6.2
To setup the NetFlow export from your ASA which must be running version 8.2.1 or newer, bring up the Cisco ASDM (Adaptive Security Device Manager) and setup the NetFlow exporters:

loveMyTool4
Then, go to the Firewall configuration and create and ACL matching ANY to ANY:
 

loveMyTool3

Edit the ACL above, apply a NetFlow rule action for the event types (e.g. ALL). Up to five collectors can be entered. See below:
 

loveMyTool2

As traffic passes through the firewall, NetFlow will start getting exported for the different template types.

Where is the NetFlow from the ASA?
Scrutinizer displays the NetFlow by clicking on the word ‘Graph’ when viewing the NetFlow Templates.  Beware, not all templates can be graphed so, expect an error message. Here is how Scrutinizer v7 displays the templates:

 

loveMyTool1

Access to the raw messages is also possible on ALL the templates by clicking on “Flow View”.  Flow View displays all the fields kicked out by the template:

 

loveMyTool5

This report can be very interesting as you see data often left out in some reporting tools.  Read about some limitations when Scrutinizer reports on NetFlow from the ASA at the bottom of this blog.

It’s all in the templates
NetFlow v9 uses templates and this is the big difference between v9 and the most popular version of NetFlow which is v5.  NSEL uses Flexible NetFlow which is based on NetFlow v9.  The three most popular event types that trigger a NetFlow record are.
* flow-create
* flow-denied
* flow-teardown

NOTE: The above ‘no XLATE’ template is created when no NAT translation is done. IPv6 also comes in as unique templates.

You can trend and view the above data with Scrutinizer v7. You can download Scrutinizer here.

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter
Share and Enjoy:
  • Digg
  • StumbleUpon
  • Reddit
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Technorati
  • Twitter
  • email
  • Print
Tags: , , , , , , , , , , , , ,

This entry was posted on Wednesday, September 16th, 2009 at 1:58 pm and is filed under NetFlow. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “Setting up the ASA to export NetFlow using Cisco ASDM 6.2”

  1. Setting up Cisco NetFlow security event logging for Cisco ASA - NetFlow & sFlow Network Monitoring - Systrax Says:
    September 17th, 2009 at 3:16 pm

    [...] above is CLI, but NetFlow can be configured in the Cisco ASDM GUI by [...]

  2. Setting up SNMP on the Cisco ASA using ASDM - NetFlow & sFlow Network Monitoring - Systrax Says:
    September 24th, 2009 at 4:12 pm

    [...] support for Cisco ASA firewalls is a hot topic around here lately. Since Mike helped you get NetFlow configured using ASDM 6.2 on your Cisco ASA, I thought I might blog about how to configure SNMP on your Cisco ASA using [...]

  3. mike@plixer.com Says:
    November 21st, 2009 at 5:30 am

    We have been getting a few calls with questions on the uniqueness of the NetFlows exported by the Cisco ASA. Check out this PDF:
    http://www.plixer.com/files/netflow-on-the-asa-11-18-09.pdf

  4. Best of the Best – NetFlow Blogs - NetFlow & sFlow Network Monitoring - Systrax Says:
    December 11th, 2009 at 10:54 am

    [...] configurations for: Catalyst 6509 2810 Procurve ASA 5500 (CLI, ASDM) Cisco 7600 [...]

  5. ASA NetFlow configurations. What should I know? - NetFlow & sFlow Network Monitoring - Systrax Says:
    January 15th, 2010 at 6:17 pm

    [...] and he was wanting to know how to see his ASA flows. I first wanted to make sure that he had configured it correctly, so I asked [...]

Leave a Reply