msgbartop
msgbarbottom

15 Nov 12 Configuring Netflow on Cisco ASA 5520

Cisco ASA 5520 Netflow Configuration Example

Cisco Netflow is a pretty awesome tool. It really gives you a deep insight into your network, bandwidth utilization. Recently I had to configure Netflow on a Cisco 5520 and just sharing my notes. There are basically 3 parts to it, 1- Create a destination and configure attributes, 2- Access list, 3- Creating a policy map. Correct me if I am wrong but I believe you need at least 8.2.x code on the ASA Firewall for Netflow V9. Anything below Netflow v9 is not supported on the Cisco ASA any ways.

So I was using Cisco ASA 5520, running 8.4.3 code. Here are my steps:

flow-export destination inside netflow-server-ip 2055 (2055 is the port)
flow-export delay flow-create 30 (Short identical flows as one)
flow-export template timeout-rate 1 (1 min is by default)
!
access-list netflow-hosts extended permit ip any any (Access list for netflow)
class-map netflow-traffic (Define a class for netflow)
match access-list netflow-hosts (Map the access list created earlier to the class)
!
policy-map global_policy (enter global policy)
class inspection_default
class netflow-traffic (This maps the class created earlier to the Policy)
flow-export event-type all destination netflow-server-ip (This tells the class to send all events to the destination)

So this is a pretty straightforward example of how I configured Netflow on the Cisco ASA 5520 running 8.4.3 code. Then I fired up wireshark on the Netflow server and I was able to see all the Netflow traffic. Under Protocol Column in Wireshark you will see it as CFLOW. I recommend that you can check out other resources on Cisco’s website or Google to get even better understanding of Cisco Netflow and how to implement it in different devices.

Tags: , , ,

Leave a Comment

WordPress SEO