{"id":307,"date":"2009-09-07T17:15:37","date_gmt":"2009-09-07T17:15:37","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2009\/09\/07\/asa-how-do-i-enable-netflow-on-an-asa\/"},"modified":"2021-07-31T16:41:47","modified_gmt":"2021-07-31T16:41:47","slug":"asa-how-do-i-enable-netflow-on-an-asa","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/asa-how-do-i-enable-netflow-on-an-asa.html","title":{"rendered":"ASA – How do I enable Netflow on an ASA?"},"content":{"rendered":"
NetFlow is a network protocol<\/span> developed by Cisco Systems to run on a range of network devices for collecting IP traffic information.<\/p>\n Previously only Cisco IOS routers and the Cisco 5580 ASA supported Netflow. But now with the introduction of Cisco ASA software 8.2, the complete ASA family now supports Netflow. Below shows you an example of how to configure Netflow. In this example the Netflow server is location on the inside interface and has an IP of 10.1.1.10. Along with this all Netflow traffic will be sent via port 9998. ciscoasa(config)# class-map flow_export_class ciscoasa(config)# policy-map global_policy NetFlow is a network protocol developed by Cisco Systems to run on a range of network devices for collecting IP traffic information. Previously only Cisco IOS routers and the Cisco 5580 ASA supported Netflow. But now with the introduction of Cisco ASA software 8.2, the complete ASA family now supports Netflow. There are 3 event … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head":"\n
\nThere are 3 event types that can trigger the creation of a Netflow record. These are `flow-create`, `flow-denied`, `flow-teardown`. <\/strong>You can also use `all` to trigger on any of these 3.<\/p>\n
\nIn this example I have added the class-map to the policy-map “global_policy”. Which in most cases should already be applied to the ASA globally (all interfaces) via the service-policy command.<\/p>\nciscoasa(config)# flow-export destination inside 10.1.1.10 9998\r\nciscoasa(config)# access-list flow_export_acl permit ip any any<\/pre>\n
\nciscoasa(config-cmap)# match access-list flow_export_acl<\/p>\n
\nciscoasa(config-pmap)# class flow_export_class
\nciscoasa(config-pmap-c)# flow-export event-type all destination 10.1.1.10<\/p>\n","protected":false},"excerpt":{"rendered":"