Cisco Firewall :: Flow Export From ASA5505 To Netflow Collector

Mar 21, 2013

I have three ASA5505s; two firewalls are connected to a central VPN hub. The central inside network is 192.168.0.0/24, Network A is 192.168.1.0/24, Network B is 192.168.2.0/24. At one of these sites (central), I have a server with a NetFlow collector. I will collect the traffic information from all ASAs at my one server.

Can I configure the source IP address (or source interface - inside) for NetFlow packets originating from an ASA (for example, from site A)? If it is not possible, I think I can rewrite my access lists and permit UDP traffic from the outside interface to the server IP like this:

access-list VPNACL permit udp host <Outside IP site A> host <Inside IP the Server> eq 9996

But I do not understand what port I must use in the access list on the Central site ASA:

access-list VPNACL_A permit udp host <Inside IP the Server> host <Outside IP site A>  eq 9996

Or, in this place, must it be the source port in the UDP NetFlow packet?

View 2 Replies



Cisco Infrastructure :: Using Netflow On Cat 6500s With The NAM-2 As The Collector?

Feb 17, 2004

Using Netflow on Cat 6500s with the NAM-2 as the collector?

View 7 Replies View Related

Cisco Firewall :: ASA5505 IP FLOW TOP Or IP Accounting

Nov 8, 2012

How does one find the top user or IP accounting with this ASA5505 v7.22 device?
 
-With 1841 ISR:
-sh ip accounting
-sh ip flow top
 
Very lame if they don't have similar commands or capabilities on the ASA series.                   

View 1 Replies View Related

Cisco :: Can ASA 5510 Be Configured As Bridge Mode And Still Send Netflow Info To A Collector

Dec 4, 2012

Can ASA 5510 be configured as bridge mode and still send Netflow info to a collector? ie have a PIX connect internal network to internet. Because PIX does not support NetFlow, as a temporary solution, we were thinking of putting an ASA 5510 between the PIX and internet gateway, and configure it as a bridge so that there will be no routing issues, and the ASA can still send Netflow info to a collector.

View 2 Replies View Related

Cisco :: Can ASA 5510 Be Configured As Bridge Mode And Still Send Netflow Info To Collector

Dec 4, 2012

Can ASA 5510 be configured as bridge mode and still send Netflow info to a collector? We have a PIX connect internal network to internet. Because PIX does not support NetFlow, as a temporary solution, we were thinking of putting an ASA 5510 between the PIX and internet gateway, and configure it as a bridge so that there will be no routing issues, and the ASA can still send Netflow info to a collector.

View 1 Replies View Related

Cisco Switching/Routing :: Does WS-C3560X-24P-S Switch Supports Ip Flow Export

Jan 19, 2012

Does the Cisco WS-C3560X-24P-S switch support ip flow export?

View 1 Replies View Related

Cisco :: 6500 Shows Less Traffic For NetFlow Export?

Mar 7, 2012

I am using a third-party NetFlow tool. I enabled NetFlow on the Cisco 6500 as per recommendations and am getting only half the amount of traffic passing through the interfaces. I have verified with 3 different NetFlow-based tools, everything showing the same value. Is there any bug in my Cisco 6500?

View 2 Replies View Related

Cisco Switching/Routing :: How To Enable Netflow Export On ASR1001

Nov 3, 2011

To enable netflow export on ASR1001, do I need the firewall feature license or not? Docs are not really clear; NBAR requires FW license, but I am unsure about Netflow.

View 1 Replies View Related

Cisco Switching/Routing :: NetFlow / 6500 / Export Packets Were Dropped Due To No Fib?

Mar 13, 2012

I have a problem with the 6500 not exporting netflow data. They are not exported due to no fib. I have read somewhere that this has something to do with VRF. VRF are running on the router. ip flow ingress has been applied to desired ip int. Is there anything I could do to make it export netflow data?
 
VSS-core-XXX-rs1#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       xxx.xxx.83.253 (Unknown)

[code]....

View 7 Replies View Related

Cisco Switching/Routing :: Different Netflow Export Profiles On Cat 6513 With Sup720

Aug 28, 2012

Is it possible to have one netflow export profile (may not be the right word...) to send all the flow information to one collector and another profile to only send traffic to and from certain IP addresses to another collector? If it is possible on the hardware and software, any quick sample config?
 
#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH4,
 
#sho module 7
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  7    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       SAL1115LJBR
 
Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  7  0017.9444.9814 to 0017.9444.9817   5.3   8.4(2)       12.2(33)SXH4 Ok
 
Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  7  Policy Feature Card 3       WS-F6K-PFC3B       SAL1115L2NH  2.3    Ok
  7  MSFC3 Daughterboard         WS-SUP720          SAL1115LH7W  2.6    Ok

Mod  Online Diag Status
---- -------------------
  7  Pass

View 2 Replies View Related

Cisco :: 2951 - Interfaces Send Netflow Data Despite No Flow Config Under Interface

Aug 17, 2011

Cisco 2951 w/ HWIC-4ESW
IOS 15.0(1)M5 
#sh ip flow int
Vlan533
ip flow ingress
ip flow egress
#
 
The SVI sends the flow data just fine, however I also continue to receive flow data from most other interfaces.
 
I have attached a screenshot of one of our netflow collectors indicating that many of the interfaces are sending flow data even though not configured to do so. We have two different netflow collectors, from different vendors and both confirm the same interfaces sending flow data.
 
Normally I wouldn't care and ignore it, however one of them uses a license limit by interface and is a bit problematic.

View 2 Replies View Related

Cisco :: 7206 MPLS To Export Netflow From Its MPLS

Jul 11, 2012

I have a P router (7206VXR) and I need to export netflow from its MPLS interfaces to the netflow software.

View 2 Replies View Related

Cisco Firewall :: Export Configuration From ASA 5510 To ASA 5520?

Oct 14, 2012

I have new ASA 5520 units; currently we are using ASA 5510. I have to migrate all the configuration to the new ASA 5520 units. I am wondering, is there a possible way to export and import certificates from ASA 5510 to 5520?
 
How to export or copy all the configurations, plug-ins, certificates from 5510 to 5520? Existing configuration snapshot: CA certificates from third party installed for authentication and identity certificate from Verisign

WebVPN
Anyconnect
Plug-ins
IPSEC tunnels
NAT

View 1 Replies View Related

Cisco Firewall :: Packet Flow In 8.4 Ios?

Oct 17, 2012

I think packet flow is changed in 8.3 IOS and above. We are using private NAT for outside traffic. Why are we using private IP for outside traffic?

View 1 Replies View Related

Cisco Infrastructure :: Export Objects (net And Security) From ASA 5500 Firewall To CSV File?

Feb 14, 2012

how to export objects (net and security) from an ASA 5500 firewall to a .csv file?

View 1 Replies View Related

Firewall Access Traffic Flow

Aug 30, 2012

I've been thinking about this for a while and I can't seem to find a comforting answer: Assume you have three datacenters connected over a WAN. Each datacenter has its own Internet and firewall, and each firewall has a trusted network, untrusted network (Internet), and DMZ: [code]

-DMZhostA has inbound access from the Internet over port X.
-DMZhostB has outbound access to DMZhostC over port Y.
-DMZhostC has outbound access to the trusted network over port Z.

If DMZhostA gets compromised from the Internet, the attacker can indirectly access the trusted network through DMZhostC, assuming the services running on the given ports are vulnerable/poorly secured.

How do you track this web of access? This is a simple scenario with just three firewalls and datacenters, but it gets proportionally more complex and harder to track as the network gets larger. Manually tracking the traffic flow seems tedious, slow, and inefficient.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Traffic Flow Between Interfaces

Jun 13, 2012

I am fairly new to configuring ASAs. I have an ASA 5505 with one outside interface and three inside interfaces (inside1, inside2, and management). I need inside1 and inside2 to be able to talk to each other but cannot work out how to make this happen. They are both configured to the same security level and the 'Enable traffic between interfaces with same security level' box is ticked. I have also tried adding appropriate NAT and Access rules. The packet tracer suggests the rules are correct for allowing traffic flow between interfaces but obviously this may not be the case.

View 14 Replies View Related

Cisco Switching/Routing :: 4948 - Difference Between Netflow / Netflow-Lite

Mar 13, 2012

Any major difference between Netflow v/s Netflow-Lite?
 
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Ports Available For Traffic Flow In Router

Oct 21, 2011

I am in search of a new router. I don't have any special task to do. Just the flow of maximum 2mb/sec data and sometimes video conference. However, I need the VoIP solution as well. I just got excited about the Cisco ASA 5505 product. Can this fulfill my requirements? Can this work like the 1841 router? Does this support DMVPN, SSL VPN and dynamic routing? Can I upgrade the IOS for dynamic routing purposes? Do you recommend purchasing this product instead of a router? What are the limitations of this product? If I purchase this, I can use it as a router as well as a strong security solution. How many ports are available for traffic flow in the ASA 5505? Are they all routed mode, or are some of them switch ports?

View 1 Replies View Related

Cisco Firewall :: 5510 - Http Connection With Video Flow

May 4, 2011

I am using ASA 5510 and I have a specific problem with an HTTP connection to receive a video flow (RSTP protocol) in the LAN. Some PC users (192.168.1.133, in the log) with the ASA LAN interface as gateway can ping the camera but don't receive the video flow. Some PC users (192.168.1.116, in the log) using another gateway can ping and receive the video flow. I used Wireshark to capture traffic between the camera and PCs using the 2 gateways. I joined logs with this message. It seems to be a problem of TCP segments on the ASA. I tried to change some TCP options but it's still the same:
- Disable Force Maximum Segment Size
- Enable Force TCP Connection to Linger in TIME_WAIT State for at Least 15 Seconds

View 7 Replies View Related

Cisco Firewall :: ASA 5520 Flow Is Denied By Configured Rule

May 28, 2013

I am attempting to allow traffic from one vlan to another.

Vlan 1 is on Interface 0/2.vlan1
Vlan 2 is on int 0/3.vlan2

Each vlan can communicate inside its own vlan, and the gateway on each responds to vlan-specific clients. My problem is that I am unable to communicate between the two vlans. Using the ASDM packet tracer tool, I find that packets are denied by the default rule (on the second Access List lookup). It appears as if the packet never reaches the other interface. The access rules are set up to allow traffic from one vlan to another (inbound), on both interfaces. Testing from either vlan to connect to the other fails. Below are the access rules for each vlan. Once I get basic connectivity working.
 
access-list aVlan1; 3 elements; name hash: 0xadecbc34
access-list aVlan1 line 1 extended permit ip any 192.168.151.64 255.255.255.192 (hitcnt=0) 0xeb0a6bb8
access-list aVlan1 line 2 extended permit ip any 192.168.151.128 255.255.255.128 (hitcnt=0) 0x3a7dfade
access-list aVlan1 line 3 extended permit ip any 192.168.151.0 255.255.255.0 (hitcnt=0) 0x93302455
access-list aVlan2_access_in; 3 elements; name hash: 0x6dc9adc7
access-list aVlan2_access_in line 1 extended permit ip 192.168.151.64 255.255.255.192 192.168.150.0 255.255.255.240 (hitcnt=0) 0x054508b7
access-list aVlan2_access_in line 2 extended permit ip 192.168.151.128 255.255.255.128 192.168.150.0 255.255.255.240 (hitcnt=0) 0xc125c41e
access-list aVlan2_access_in line 3 extended permit ip host 192.168.151.3 192.168.150.0 255.255.255.240 (hitcnt=0) 0x4adc114c

View 19 Replies View Related

Cisco Firewall :: ASA5580 - How To Configure Traffic Flow Idle Time-out With CSM

Feb 16, 2012

I am looking for the way to define an idle timeout for specific flows on an ASA5580 by using Cisco Security Manager. For example, I needed to define a specific idle timeout for connections between specific devices (Devices in vlan1, Device2 in vlan2). To test it I did the following changes by CLI and it works fine.

access-list L1 extended permit ip <@IP1> <mask1> host <@IP2>
class-map CM1
    match access-list L1
policy-map PM1
    class CM1
        set connection timeout idle 02:00:00
 
I tried to do the same configuration with CSM in order to be able to manage each change only by using CSM. So I defined Access control list, Traffic flow and then I defined the timeout in CSM --> PIX/ASA/FWSM Platform --> Service Policy Rules --> IPS, QoS and Connections Rules -> connections settings -> Traffic flow idle time-out. The problem is that each time I deploy the configuration with CSM I lose the timeout config line, which is the most important for my application.

View 2 Replies View Related

Cisco Firewall :: Netflow On ASA 5505 8.2(1)

Aug 22, 2011

5505 ASA, 8.2(1). We can not get it to report Netflow to the collection agent at 192.168.1.34. Here are the commands I've entered:
 
asa# show run | i flow
access-list netflow-export extended permit ip any any
flow-export destination inside 192.168.1.34 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
class-map netflow-export-class
match access-list netflow-export
  flow-export event-type all destination 192.168.1.34
policy-map netflow-export-policy
class netflow-export-class
  flow-export event-type all destination 192.168.1.34

View 6 Replies View Related

Cisco Firewall :: 5510 Exporting Netflow Over A IPSEC VPN

Sep 2, 2012

We have a local Netflow collector working fine. We also have a centralised collector that we’d like to use to send the same Netflow data, but it is not being received. We need to send the data via an IPSEC VPN.
 
When I do a 'show flow-export counters' I can see the packets sent increasing. The local collector is receiving netflow data. I am using the below config:

access-list global_mpc extended permit ip any any
!
!IP far end of VPN

[Code].....

View 3 Replies View Related

Cisco Firewall :: 5510 ASA Exporting Netflow Over IPsec Vpn

Nov 29, 2012

We have a Cisco ASA 5510 8.4; this device is reachable through a LAN-to-LAN IPsec VPN. We are able to activate the netflow export (we see flow export counters incrementing), but the flow is not passing through the VPN. Our netflow collector is on the other side of the IPsec tunnel so we define it linked to the internet interface. Is the export possible through the VPN? I read in a Solarwinds forum that it should not be possible. What IP address is chosen as source interface by the ASA? Is there a way to force a source interface?

View 5 Replies View Related

Cisco Firewall :: Enable Netflow On ASA 5505 For Vlan And Interfaces

May 17, 2013

How can I enable Netflow for each VLAN or interface individually in Cisco ASA? Currently I have set up Netflow and only 2 interfaces are showing traffic for Netflow, which are not even my physical or VLAN interfaces (see screenshot).
 
EscapeASA# sh interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Internal-Data0/0           unassigned      YES unset  up                    up

[Code].....

View 9 Replies View Related

Cisco Firewall :: ASA 5520 Netflow Traffic Delayed To Solarwinds

Dec 5, 2012

I am currently testing Netflow accuracy on my Solarwinds platform. So I have been transferring a large file across an ASA 5520, which is set up to send Netflow data to our Solarwinds server.
 
The problem is that the Netflow data does not show up on Solarwinds for about 2.5 hours. Once it gets there the size is correct, but the time stamp on Solarwinds is 2.5 hours behind when the transfer happened. For routers it is showing up within a few minutes. 
 
ASA is running 8.2(5) and Solarwinds NTA 3.9.0. Firewall and Solarwinds times / timezones are the same.

View 8 Replies View Related

Cisco :: VRF Collector Job Failing (LMS 4.0)

Nov 29, 2012

My VRF Collector job has started failing. I have attached the contents of the vnmcollector.log file after setting debug level to DEBUG.

View 1 Replies View Related

Cisco Firewall :: Can Pull Netflow Style Data (Top Talkers / Sessions) From ASA 5505s

Aug 19, 2012

I need to know if I can pull Netflow style data (Top Talkers, Top Sessions, etc) from ASA 5505s. We are looking at buying some but I need to be able to export this kind of data to my management station, which is also a collector. I have read on this forum that 8.2 and above should support Netflow but I have read conflicting information.

View 2 Replies View Related

AAA/Identity/Nac :: ACS 5.1 Log Collector Freezing

Oct 19, 2011

I've noticed a problem with log collector on the secondary ACS server. It suddenly stopped collecting logs. So, current ACS version is 5.1.0.44.3 and all processes were running. During this time, ACS sent a couple of authentication reports in the monitoring system. But they can not be viewed through the ACS Monitoring & Report system. The problem was solved by rebooting the server.

View 0 Replies View Related

Cisco :: LMS 4.2 Syslog Collector Doesn't Work

May 21, 2013

My LMS 4.2 syslog collector isn't working, even though the syslog collector service is running normally. I also saw in syslog_info that it is collecting syslog from all routers, but nothing shows up in dashboard monitoring. I have set every router to log to the LMS IP address, but LMS does not collect any syslog from the routers. I did a self-test from LMS and everything PASSes except nslookup, which fails. Is that related to syslog not showing up on the dashboard?

View 5 Replies View Related

Cisco :: CiscoWorks LMS 4.0.1 And Remote Syslog Collector

Nov 11, 2012

I'm using CiscoWorks LMS 4.0.1 and I need to activate a remote syslog collector. Installation occurred without errors and the test subscription is fine, but syslog reports are always empty! These two servers need to communicate through a firewall. I'm not able to define a correct rule; a "permit ip any any" does not work either!

View 1 Replies View Related

Cisco :: Integrate Remote Syslog Collector With LMS 4.1

Jul 7, 2012

We have LMS 4.1 in our network. We had recently installed Remote Syslog Collector on a new Server to collect logs from all the devices. How can we integrate the Remote Syslog Collector with the LMS Server?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved