Netflow Configuration on ASA


(Zoltan B) #1

I need to configure NetFlow on the Cisco ASA firewalls. We have Riverbed Cascade gateways that the routers send flows to, and the gateways, after de-duplication, send the flows to the Profiler for display. I did not see any configuration for NetFlow on the ASA that I could use for testing. We have something similar configured on our routers, but the ASA does not support most of the commands, like the collect command. Here is what I would like to use and would like someone from the group to take a look at it:

flow-export destination inside 10.65.63.151 4000
flow-export template timeout-rate 15
flow-export active refresh-interval 30
flow-export delay flow-create 10

class-map flow-export-class
 match any

policy-map global_policy
 class flow-export-class
  flow-export event-type all destination 10.65.63.151

Since we already have a global policy-map, I need to embed the class-map into the existing policy-map.

Thanks


(Rene Molenaar) #2

Hi Zoltan,

One thing that comes to mind is that if you use a class-map with match any and add it to your global policy like this, it won’t process your inspect rules.

Rene