Cisco Cisco ASA 5585-X with No Payload Encryption
22
Cisco ASA NetFlow Implementation Guide
Configure NSEL Collectors (CLI)
The flow_export_policy argument is the name of the policy map.
If you create a new policy map and apply it globally according to
, the remaining inspection
policies are deactivated.
Alternatively, enter the class flow_export_class command after the policy-map global_policy
command to insert a NetFlow class in the existing policy.
command to insert a NetFlow class in the existing policy.
See the firewall configuration guide or more information about creating or modifying the Modular Policy
Framework.
Framework.
Step 4
Define the class to apply flow-export actions.
class
flow_export_class
Example:
ciscoasa(config-pmap)# class flow_export_class
The flow_export_class argument is the name of the class.
Step 5
Configure a flow-export action.
flow-export event-type
event-type destination flow_export_host1 [flow_export_host2]
Example:
ciscoasa(config-pmap-c)# flow-export event-type all destination 209.165.200.230
The event_type keyword is the name of the supported event being filtered. The destination keyword is
the IP address of the configured collector. The flow_export_host argument is the IP address of a host.
the IP address of the configured collector. The flow_export_host argument is the IP address of a host.
Step 6
Add the service policy globally.
service-policy
flow_export_policy global
Example:
ciscoasa(config)# service-policy flow_export_policy global
The flow_export_policy argument is the name of the policy map.
Configure Template Timeout Intervals
To configure template timeout intervals, perform the following steps:
Procedure
Step 1
Specify the interval at which template records are sent to all configured output destinations.
flow-export template timeout-rate
minutes
Example:
ciscoasa(config)# flow-export template timeout-rate 15