Cisco has changed its ways! The Cisco ASA now supports NetFlow. The feature, introduced in ASA software version 8.2, is called NSEL (NetFlow Secure Event Logging) and brings NetFlow export to all ASA models. NSEL exports NetFlow version 9 records and, unlike classic NetFlow, it is event driven: the ASA sends a record when it creates, tears down or denies a flow rather than on a sampling timer. Below I have provided the NetFlow configuration of a Cisco ASA.
Three event types can trigger a NetFlow record:
* flow-create
* flow-denied
* flow-teardown

CLI configuration. Replace x.x.x.x with the collector address and xxxx with the UDP port the collector listens on; the collector must be reachable through the interface named in the destination command (here, inside):

flow-export destination inside x.x.x.x xxxx
access-list flow_export_acl permit ip host x.x.x.x host x.x.x.x
class-map flow_export_class
 match access-list flow_export_acl
policy-map flow_export_policy
 class flow_export_class
  flow-export event-type flow-create destination x.x.x.x
service-policy flow_export_policy global

Two things to check here. The event-type keyword is flow-create (flow-creation is not a valid keyword and the ASA will reject it). And the access list as written only exports flows between one pair of hosts; to export every flow through the box, match ip any any in flow_export_acl, or use the class-default class as the ASDM steps below do.

To export records for all event types with one statement, use event-type all in the policy instead of a single event type:

  flow-export event-type all destination x.x.x.x

Disabling the syslog messages that duplicate flow-export events will increase performance:

  logging flow-export-syslogs disable

Caveat: this suppresses the connection build/teardown and ACL-deny messages (302013 through 302018, 106023 and related) on the ASA itself, so they will no longer reach your syslog server or SIEM either. Only do this once the NetFlow collector is in place and you have confirmed it receives and retains the NSEL records you rely on for investigations.

The same policy can be built from ASDM:
- Configuration->Firewall->Service Policy Rules.
- Click Add->select "Use class-default as the traffic class"->Next->NetFlow (tab)->Add (check the collector(s) you want to use)->Finish->Apply.

The collectors you tick on the NetFlow tab must already be defined under Configuration->Device Management->Logging->NetFlow (the ASDM equivalent of the flow-export destination command), and class-default matches all traffic, so this exports every flow rather than the single host pair in the CLI access list above.
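NSEL exports NetFlow version 9, so a collector has to learn the template the ASA sends before it can decode any data records, and the event type is carried inside each record as field NF_F_FW_EVENT (233) rather than being visible from the packet header. The following is an added example, not code from the original post or from Cisco: a minimal NetFlow v9 decoder that parses the template FlowSet, decodes NSEL data records, and maps field 233 back to the flow-create/flow-teardown/flow-denied event types configured above. The packet it parses is constructed inline to look like an ASA export; the addresses, ports, template ID 256 and the exact field layout are assumptions for illustration, and the field IDs are taken from Cisco's NSEL documentation.

```python
"""Minimal NetFlow v9 / NSEL decoder (added example, not Cisco's or the post's own code).

A template FlowSet (ID 0) describes the record layout; data FlowSets (ID >= 256)
carry fixed-length records in that layout. The constructed packet below imitates
an ASA export with one template and three records (create, teardown, denied).
"""
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

# NetFlow v9 field types found in ASA NSEL records (IDs per Cisco's NSEL
# documentation / IANA IPFIX registry); anything else decodes as field_<id>.
FIELD_NAMES = {4: "protocol", 7: "src_port", 8: "src_addr", 11: "dst_port",
               12: "dst_addr", 233: "fw_event", 33002: "fw_ext_event"}

# NF_F_FW_EVENT (field 233) values mapped to the ASA event-type keywords.
FW_EVENTS = {1: "flow-create", 2: "flow-teardown", 3: "flow-denied"}

Template = List[Tuple[int, int]]          # [(field_type, field_length), ...]


def _parse_templates(body: bytes, templates: Dict[int, Template]) -> None:
    """Learn every template carried in a template FlowSet (FlowSet ID 0)."""
    pos = 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        pos += 4
        fields = []
        for _ in range(field_count):
            fields.append(struct.unpack_from("!HH", body, pos))
            pos += 4
        templates[template_id] = fields


def _decode_records(body: bytes, fields: Template) -> List[dict]:
    """Decode fixed-length records laid out as the template describes."""
    rec_len = sum(flen for _, flen in fields)
    records: List[dict] = []
    pos = 0
    while rec_len and pos + rec_len <= len(body):   # leftover bytes are padding
        rec = {}
        for ftype, flen in fields:
            raw = body[pos:pos + flen]
            pos += flen
            name = FIELD_NAMES.get(ftype, f"field_{ftype}")
            if ftype in (8, 12) and flen == 4:
                rec[name] = str(ipaddress.IPv4Address(raw))
            else:
                rec[name] = int.from_bytes(raw, "big")
        if "fw_event" in rec:
            rec["event_type"] = FW_EVENTS.get(rec["fw_event"], f"unknown({rec['fw_event']})")
        records.append(rec)
    return records


def parse_netflow_v9(packet: bytes, templates: Optional[Dict[int, Template]] = None) -> List[dict]:
    """Parse one export packet. Reuse the same `templates` dict across packets:
    the ASA resends templates only periodically, so data-only packets decode
    only after a template has been learned (they are skipped until then)."""
    if templates is None:
        templates = {}
    version = struct.unpack_from("!H", packet, 0)[0]
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")
    records: List[dict] = []
    offset = 20                                      # v9 header is 20 bytes
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError("malformed FlowSet length")
        body = packet[offset + 4:offset + length]
        if flowset_id == 0:
            _parse_templates(body, templates)
        elif flowset_id >= 256 and flowset_id in templates:
            records.extend(_decode_records(body, templates[flowset_id]))
        # FlowSet 1 (options template), option data and unknown templates are skipped
        offset += length
    return records


def build_sample_packet(include_template: bool = True) -> bytes:
    """Constructed sample export (assumptions: template ID 256 and this field order)."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (233, 1), (33002, 2)]

    def rec(src, dst, sport, dport, proto, event, ext_event):
        return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
                + struct.pack("!HHBBH", sport, dport, proto, event, ext_event))

    # fw_event 1 = created, 2 = deleted, 3 = denied; ext event 1001 = denied by ingress ACL
    data = (rec("10.1.1.50", "192.0.2.10", 51234, 443, 6, 1, 0)
            + rec("10.1.1.50", "192.0.2.10", 51234, 443, 6, 2, 0)
            + rec("203.0.113.7", "10.1.1.50", 40000, 22, 6, 3, 1001))
    data_fs = struct.pack("!HH", 256, 4 + len(data)) + data
    template_fs = b""
    if include_template:
        tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
        template_fs = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    count = 3 + (1 if include_template else 0)       # records in this packet
    header = struct.pack("!HHIIII", 9, count, 123456, 1700000000, 1, 0)
    return header + template_fs + data_fs


def summarize(records: List[dict]) -> Dict[str, int]:
    """Count records per event type, e.g. to alert on a burst of flow-denied."""
    counts: Dict[str, int] = {}
    for rec in records:
        key = rec.get("event_type", "none")
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    learned: Dict[int, Template] = {}
    print(parse_netflow_v9(build_sample_packet(False), learned))   # [] : no template learned yet
    for r in parse_netflow_v9(build_sample_packet(True), learned):
        print(r["event_type"], r["src_addr"], r["src_port"], "->", r["dst_addr"], r["dst_port"])
    print(summarize(parse_netflow_v9(build_sample_packet(False), learned)))
```

The first parse call returns nothing because the data FlowSet arrives before any template: that is exactly what happens on a real collector started between two template refreshes, which is why `flow-export template timeout-rate` matters and why a collector that shows no records right after the ASA is configured is not necessarily misconfigured.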
Hello,

Here is some more information on NetFlow from the ASA:
http://www.plixer.com/blog/netflow/setting-up-the-asa-to-export-netflow-using-cisco-asdm-6-2/
Also, some issues with it:
http://www.plixer.com/files/netflow-on-the-asa-11-18-09.pdf
Have Fun.
Mike