Search 85,961 posts and 653 resources contributed by 43,634 members or post a topic.

Already Joined? Sign in
ASA5520

Page 1 of 2 (16 items) 1 2 Next > | RSS

rated by 0 users
Answered (Verified) This post has 1 verified answer | 15 Replies | 0 Followers | 2,585 Views


4 Posts
Points 15
root0 posted on Mon, May 11 2009 4:25 AM
rated by 0 users

Hi

ASA5520 with asa821-k8.bin is supported by Netflow v3.1

  • | Post Points: 6

Answered (Verified) Verified Answer


1,273 Posts
Points 14,288
Moderator
SolarWinds Employee
Answered (Verified) mcbridea replied on Tue, Nov 10 2009 9:04 AM
rated by 0 users
Verified by chris.lapoint

To close the look on ASA , NTA 3.5 does function with ASAs running 8.2+.

See http://thwack.com/forums/t/19114.aspx

Andy McBride, Technology Support Specialist - SolarWinds

Follow Me on Twitter

  • | Post Points: 21

All Replies


4 Posts
Points 15
root0 replied on Tue, May 19 2009 8:42 AM
rated by 0 users

Debug log

2009-05-19 15:29:01,893 [STP SmartThreadPool Thread #56] WARN  SolarWinds.Orion.NetFlow.Workflow.PacketProcessingWorkflow - Failed to parse packet from IP 10.80.80.199.
2009-05-19 15:29:01,940 [STP SmartThreadPool Thread #56] WARN  SolarWinds.Orion.NetFlow.V9PacketFactory - Packet was dropped because of invalid template id: 263
2009-05-19 15:29:01,940 [STP SmartThreadPool Thread #56] WARN  SolarWinds.Orion.NetFlow.Workflow.PacketProcessingWorkflow - Failed to parse packet from IP 10.80.80.199.
2009-05-19 15:29:01,940 [STP SmartThreadPool Thread #54] WARN  SolarWinds.Orion.NetFlow.V9PacketFactory - Packet was dropped because of invalid template id: 256

  • | Post Points: 3

81 Posts
Points 375
SolarWinds Employee
ET replied on Wed, May 20 2009 2:53 PM
rated by 0 users

Hi,

if you want to netflow be able process data from Netflow-V9, than the template must contains following fields (according RFC).

(ID // RFC name)

1   // octetDeltaCount,    
2   // packetDeltaCount,   
4   // protocolIdentifier, 
5   // ipClassOfService
7   // sourceTransportPort
8   // sourceIPv4Address
10 // ingressInterface
11 // destinationTransportPort
12 // destinationIPv4Address
14 // egressInterface

 

If one item is missing, than the template is invalid for our collector and we drop all packets which belongs to this template. So you need to set up router to export all these fields.

 

ET, Developer

  • | Post Points: 3

4 Posts
Points 15
root0 replied on Thu, May 21 2009 1:39 AM
rated by 0 users

NTA 3.1 don't work with Cisco ASA

  • | Post Points: 3

81 Posts
Points 375
SolarWinds Employee
ET replied on Thu, May 21 2009 2:31 AM
rated by 0 users

So you are not able to set up these fields for your templates or there is some other issue? If you know that you have all these fields in your templates and you are still not able collect data, can you please send me some short pcap from this device? I can check it. (I need template definition there)

 

Thanks, ET

ET, Developer

  • | Post Points: 3

1,273 Posts
Points 14,288
Moderator
SolarWinds Employee
mcbridea replied on Thu, May 21 2009 10:04 AM
rated by 0 users

NetFlow on the ASA is a strange implementation. Do you have it configured to export upon NSEL defined events?

Andy McBride, Technology Support Specialist - SolarWinds

Follow Me on Twitter

  • | Post Points: 3

66 Posts
Points 693
SolarWinds Certified Professional
Dobbs replied on Mon, Jun 1 2009 7:03 AM
rated by 0 users

Has anyone confirmed that the ASA's (5505, 5520, 5580) can succesfully export Netflow data to the Orion NTA collector for analysis?

------------------------------------------------------------

Prosperon Networks - Authorised UK SolarWinds Resellers http://www.prosperon.co.uk

  • | Post Points: 3

4 Posts
Points 15
root0 replied on Mon, Jun 1 2009 7:12 AM
rated by 0 users

For this moment ASA is working with NSEL Cisco Mars 6.0.3

ASA doesn't work with NTA 3.1 :(

  • | Post Points: 3

7 Posts
Points 19
cavemancan replied on Mon, Jun 22 2009 2:26 PM
rated by 0 users

Is this still the case?

 

We have an ASA 5510 with IOS 8.2(1). I am trying to get the ASA to work with NTA but I need to verify that NTA is compatible with Netflow v9 before I try to configure the firewall. This is our production firewall so I don't want to make any changes unless I am certain it will work.

Please advise...

  • | Post Points: 3

1,273 Posts
Points 14,288
Moderator
SolarWinds Employee
Answered (Not Verified) mcbridea replied on Mon, Jun 22 2009 2:52 PM
rated by 0 users
Suggested by jswan

Yes - The ASA's do a security NetFlow export, not a traffic analysis  export so we can't read it.

Andy McBride, Technology Support Specialist - SolarWinds

Follow Me on Twitter

  • Post Points: 3

7 Posts
Points 19
cavemancan replied on Tue, Jun 23 2009 3:48 PM
rated by 0 users

Andy,

We have a tact contract with Cisco and I've been in contact with them. They said the following:

Hi Chris, 

I’m still looking at it as well.. but I’m not sure what they mean by traffic analysis export only and not a security netflow export.  Do they have any additional information on what they support or don’t support?

Can you also forward this to them:

http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html 

Thanks,

Scott

...and the second e-mail Cisco sent me a minute or two after...

I’ve been doing some more research, the NSEL is pretty specific and may not be compatible with 3rd party collectors.. 

NSEL exports ASA specific fields that cannot be interpreted by standard

NetFlow collector(s). But the messaging is NetFlow v9 protocol

compliant.

The ASA only supports NetFlow version 9.  Unlike routing platforms we do not send incremental updates; NSEL records are only sent during flow creation, teardown or ACL deny events. This is an issue as many customers expect to see flow information in real time, unfortunately this is not how NetFlow operates on the ASA.

So it looks like from the notes above, that solarwinds may not be able to interpret the data.  You may have to look at using a Cisco collector for the asa netflow traffic..

Thanks,

Scott

  • | Post Points: 5

1,273 Posts
Points 14,288
Moderator
SolarWinds Employee
mcbridea replied on Tue, Jun 23 2009 4:12 PM
rated by 0 users

In a nutshell the ASA line uses Flexible NetFlow (FNF). It is on our road map but not supported today.

Andy McBride, Technology Support Specialist - SolarWinds

Follow Me on Twitter

  • | Post Points: 1

100 Posts
Points 286
pserwe replied on Tue, Jun 23 2009 7:44 PM
rated by 0 users

cavemancan:

Andy,

We have a tact contract with Cisco and I've been in contact with them. They said the following:

Man!  A tact contract!  ;)  I want one of those!  All I get is TAC support ;)

Peter

NPM, NCM, Netflow, APM

  • | Post Points: 3

1,273 Posts
Points 14,288
Moderator
SolarWinds Employee
mcbridea replied on Wed, Jun 24 2009 11:11 AM
rated by 0 users

A- TTack!!!

Andy McBride, Technology Support Specialist - SolarWinds

Follow Me on Twitter

  • | Post Points: 3

7 Posts
Points 19
cavemancan replied on Wed, Jun 24 2009 11:24 AM
rated by 0 users

I'm going to put an A- Tack contract out on all of you! I wonder if Cisco can do it? LOL! Jerks! :p

  • | Post Points: 3
Page 1 of 2 (16 items) 1 2 Next > | RSS

© 2003 - 2010 SolarWinds, Inc. All Rights Reserved.

Who is SolarWinds?

SolarWinds is rewriting the rules for how companies manage their networks. Guided by a global community of network engineers, SolarWinds develops simple and powerful network management software and network monitoring software for networks of all sizes. SolarWinds also offers a network certification program to become a SolarWinds Certified Professional (SCP).

What is thwack?

thwack, SolarWinds online community site, was designed by network engineers, for network engineers. thwack is a vibrant, growing community of more than 30,000 IT pros who share a passion for technology.

Explore Resources, Answers, Templates, and Advice

Download Free Networking Tools

Learn More About SolarWinds Products