Cisco ASA for Nexus 1000V Series Switch

Cisco ASA NetFlow Implementation Guide
 
  Examples for NSEL (CLI)
Example 2: Denied Flow on Egress with PAT Interface
This example shows a denied flow through an egress ACL that uses the PAT interface. The output 
interface IP address is 209.165.200.225. The user is authenticated as User A. An input ACL (foo) allows 
the flow, but an output ACL (bar) denies the flow. The input ACL (foo) is specified with an object group:
ciscoasa(config)# object-group network host_grp_1
 network-object host 209.165.200.254
 network-object host 209.165.201.1
ciscoasa(config)# access-list foo extended permit tcp object-group host_grp_1 any eq www
ciscoasa(config)# access-list bar extended deny tcp any any
ciscoasa(config)# access-group foo in interface inside
ciscoasa(config)# access-group bar out interface outside
According to 
 and the description provided, a flow denied event would be issued. 
The resulting NSEL record would include the following fields and values: 
Field                       Value
NF_F_SRC_ADDR_IPV4          209.165.200.254
NF_F_SRC_PORT               37518
NF_F_SRC_INTF_ID            7
NF_F_DST_ADDR_IPV4          209.165.200.225
NF_F_DST_PORT               80
NF_F_DST_INTF_ID            8
NF_F_PROTOCOL               6
NF_F_ICMP_TYPE              0
NF_F_ICMP_CODE              0
NF_F_XLATE_SRC_ADDR_IPV4    209.165.201.1
NF_F_XLATE_DST_ADDR_IPV4    209.165.200.225
NF_F_XLATE_SRC_PORT         48264
NF_F_XLATE_DST_PORT         80
NF_F_FW_EVENT               3
NF_F_FW_EXT_EVENT           1002 (egress ACL)
NF_F_EVENT_TIME_MSEC        1187374131808
NF_F_INGRESS_ACL_ID         0x102154c1d0e5806e7e5ad93b
NF_F_EGRESS_ACL_ID          0x5da9bb6984434b4b00000000
NF_F_USERNAME               User A
Example 3: Filtering NSEL Events
These examples show how to filter NSEL events, with the specified collectors already configured:
  • flow-export destination inside 209.165.200.2 2055
  • flow-export destination outside 209.165.201.29 2055
  • flow-export destination outside 209.165.201.27 2055
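To show how a collector would read the Example 2 record, here is an added Python example (not from the Cisco guide) that decodes the NSEL field values listed above into a reviewer-friendly summary: it maps NF_F_FW_EVENT and NF_F_FW_EXT_EVENT codes to names, picks the ACL ID responsible for the deny, exposes the PAT translation by comparing the pre- and post-NAT tuples, and converts NF_F_EVENT_TIME_MSEC to UTC. The record dictionary is constructed from the table; the event-code names beyond those on this page (ingress ACL deny = 1001, created/deleted/updated) are the standard NSEL meanings.

```python
from datetime import datetime, timezone

# Constructed record: the field/value pairs from the Example 2 table.
DENIED_FLOW_RECORD = {
    "NF_F_SRC_ADDR_IPV4": "209.165.200.254", "NF_F_SRC_PORT": 37518,
    "NF_F_SRC_INTF_ID": 7,
    "NF_F_DST_ADDR_IPV4": "209.165.200.225", "NF_F_DST_PORT": 80,
    "NF_F_DST_INTF_ID": 8, "NF_F_PROTOCOL": 6,
    "NF_F_XLATE_SRC_ADDR_IPV4": "209.165.201.1", "NF_F_XLATE_SRC_PORT": 48264,
    "NF_F_XLATE_DST_ADDR_IPV4": "209.165.200.225", "NF_F_XLATE_DST_PORT": 80,
    "NF_F_FW_EVENT": 3, "NF_F_FW_EXT_EVENT": 1002,
    "NF_F_EVENT_TIME_MSEC": 1187374131808,
    "NF_F_INGRESS_ACL_ID": "0x102154c1d0e5806e7e5ad93b",
    "NF_F_EGRESS_ACL_ID": "0x5da9bb6984434b4b00000000",
    "NF_F_USERNAME": "User A",
}

FW_EVENT = {0: "ignore", 1: "flow created", 2: "flow deleted",
            3: "flow denied", 5: "flow updated"}
FW_EXT_EVENT = {1001: "ingress ACL deny", 1002: "egress ACL deny"}
PROTOCOL = {1: "ICMP", 6: "TCP", 17: "UDP"}


def interpret(rec):
    """Decode one NSEL record into names, the denying ACL and the NAT view."""
    code = rec["NF_F_FW_EVENT"]
    event = FW_EVENT.get(code, f"unknown ({code})")
    ext = rec.get("NF_F_FW_EXT_EVENT", 0)
    reason = FW_EXT_EVENT.get(ext, f"unknown ({ext})")
    # The extended event says which direction's ACL made the decision,
    # so pick the matching hashed ACL ID for correlation with the ASA config.
    acl_id = {1001: rec.get("NF_F_INGRESS_ACL_ID"),
              1002: rec.get("NF_F_EGRESS_ACL_ID")}.get(ext)
    src = f"{rec['NF_F_SRC_ADDR_IPV4']}:{rec['NF_F_SRC_PORT']}"
    xsrc = f"{rec['NF_F_XLATE_SRC_ADDR_IPV4']}:{rec['NF_F_XLATE_SRC_PORT']}"
    dst = f"{rec['NF_F_DST_ADDR_IPV4']}:{rec['NF_F_DST_PORT']}"
    # PAT is visible only in the XLATE fields: the source tuple changes,
    # the destination (the PAT interface address here) does not.
    nat = f"{src} -> {xsrc}" if src != xsrc else None
    ts = datetime.fromtimestamp(rec["NF_F_EVENT_TIME_MSEC"] / 1000,
                                tz=timezone.utc)
    proto = PROTOCOL.get(rec["NF_F_PROTOCOL"], str(rec["NF_F_PROTOCOL"]))
    return {
        "timestamp": ts.isoformat(), "event": event, "reason": reason,
        "denying_acl_id": acl_id, "nat": nat,
        "summary": f"{event} ({reason}) {proto} {src} -> {dst} "
                   f"user={rec.get('NF_F_USERNAME')}",
    }
```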