All of you must have already heard about Cisco ASA now supporting NetFlow export through a flow format called NetFlow Secure Event Logging (NSEL ). This now provides users the ability to do almost real time traffic analysis and bandwidth monitoring on their firewall devices too. NetFlow support from ASA received very excellent responses from users because of which we at NetFlow Analyzer started support for not just plain ASA NetFlow reports but also for NATed information available in the ASA NetFlow packets.
With NetFlow support, I am sure a number of users out there will like to know the best and easiest way to configure ASA for NetFlow export. Check out the steps below to configure NetFlow export on ASA via ASDM:
Configuring Flow Collector:
In ASDM, under Configuration go to Device Management > Logging > NetFlow
Here, you can set the NetFlow Analyzer server IP address, the ASA interface through which NetFlow packets are to be exported and the NetFlow listener port (By default it is 9996). When you choose the interface, select the interface which connects to the server where NetFlow Analyzer is installed. You can also set the template packet send frequency and disable syslogs that are redundant after the NetFlow information extraction.
Set the template time out rate as 1 minute and delay transmission of flow creation events for short-lived flows to be 60 seconds.
Then click on Apply to write the commands on ASA.
Configuring NetFlow information extraction:
To enable the ASA to start sending information to the NetFlow Analyzer defined above you need to go to Firewall > Service Policy Rules.
Then you need to create a new service policy that needs to be applied GLOBALLY.
And then define the collector that statistics for this traffic will be sent to (was defined initially).
Once the service policy is created click on Apply to write the commands on ASA.
To configure Cisco ASA through CLI click here .
Once the configuration is complete, NetFlow data will be exported and you will start seeing results in NetFlow Analyzer.