Cisco ASA 5545-X Adaptive Security Appliance - No Payload Encryption

Cisco ASA NetFlow Implementation Guide
Examples for NSEL (CLI)
The following examples show flows that generate events and include information about how to 
implement collector support for NSEL fields in the ASA.
Example 1: Allowed Flow with PAT Interface
This example shows an allowed flow that uses the PAT interface. The output interface IP address is 
209.165.200.225. The user is authenticated as User A. No ACLs are specified; however, the flow is 
outbound, so it is allowed by default. According to 
 and the description provided, a flow creation 
event would be issued. 
Figure 1: Example of an Allowed Flow with a PAT Interface
[Figure: a flow passing through the ASA. Labels on one side: Source: 209.165.200.254, Destination: 209.165.200.225. Labels on the other side: Source: 209.165.201.1, Destination: 209.165.200.225.]
The resulting NSEL record would include the following fields and values:
Field                       Value
--------------------------  ---------------
NF_F_CONN_ID                xxxx
NF_F_SRC_ADDR_IPV4          209.165.200.254
NF_F_SRC_PORT               56789
NF_F_SRC_INTF_ID            1
NF_F_DST_ADDR_IPV4          209.165.200.225
NF_F_DST_PORT               80
NF_F_DST_INTF_ID            0
NF_F_PROTOCOL               6
NF_F_ICMP_TYPE              0
NF_F_ICMP_CODE              0
NF_F_XLATE_SRC_ADDR_IPV4    209.165.201.1
NF_F_XLATE_DST_ADDR_IPV4    209.165.200.225
NF_F_XLATE_SRC_PORT         1024
NF_F_XLATE_DST_PORT         80
NF_F_FW_EVENT               1
NF_F_FW_EXT_EVENT           0
NF_F_EVENT_TIME_MSEC        YYYYYYYY
NF_F_INGRESS_ACL_ID         0
NF_F_EGRESS_ACL_ID          0
NF_F_USERNAME               User A
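
The following is an added example, not code from the Cisco guide: a sketch of how a collector could normalize the Example 1 record and use it to attribute a post-PAT flow seen outside the ASA back to the inside host and user. The function names, the output dictionary layout, and the NF_F_CONN_ID and NF_F_EVENT_TIME_MSEC values are assumptions made for illustration.

```python
import ipaddress

# NF_F_FW_EVENT codes: 1 (flow created) is the value on this page; the rest
# come from Cisco's NSEL field definitions, not from this page.
FW_EVENT = {1: "flow-created", 2: "flow-deleted", 3: "flow-denied", 5: "flow-updated"}

# The record from Example 1. NF_F_CONN_ID and NF_F_EVENT_TIME_MSEC are
# constructed values; the page shows placeholders (xxxx, YYYYYYYY) for them.
EXAMPLE_1 = {
    "NF_F_CONN_ID": 1001, "NF_F_EVENT_TIME_MSEC": 1700000000000,
    "NF_F_SRC_ADDR_IPV4": "209.165.200.254", "NF_F_SRC_PORT": 56789,
    "NF_F_DST_ADDR_IPV4": "209.165.200.225", "NF_F_DST_PORT": 80,
    "NF_F_XLATE_SRC_ADDR_IPV4": "209.165.201.1", "NF_F_XLATE_SRC_PORT": 1024,
    "NF_F_XLATE_DST_ADDR_IPV4": "209.165.200.225", "NF_F_XLATE_DST_PORT": 80,
    "NF_F_PROTOCOL": 6, "NF_F_FW_EVENT": 1, "NF_F_FW_EXT_EVENT": 0,
    "NF_F_USERNAME": "User A",
}

def _endpoint(rec, prefix):
    # Validate the IPv4 address and port range, return an (ip, port) pair.
    port = int(rec[f"NF_F_{prefix}_PORT"])
    if not 0 <= port <= 65535:
        raise ValueError(f"bad port in {prefix}: {port}")
    return str(ipaddress.IPv4Address(rec[f"NF_F_{prefix}_ADDR_IPV4"])), port

def normalize_nsel(rec):
    """Turn one decoded NSEL record (field name -> value) into a collector event."""
    src, dst = _endpoint(rec, "SRC"), _endpoint(rec, "DST")
    xsrc, xdst = _endpoint(rec, "XLATE_SRC"), _endpoint(rec, "XLATE_DST")
    if src == xsrc:
        src_xlate = "none"
    else:  # a rewritten port as well as address marks port address translation
        src_xlate = "pat" if src[1] != xsrc[1] else "nat"
    code = rec["NF_F_FW_EVENT"]
    return {
        "event": FW_EVENT.get(code, f"unknown({code})"),
        "conn_id": rec["NF_F_CONN_ID"], "time_msec": rec["NF_F_EVENT_TIME_MSEC"],
        "proto": rec["NF_F_PROTOCOL"], "user": rec.get("NF_F_USERNAME", ""),
        "pre_nat": (src, dst), "post_nat": (xsrc, xdst),
        "src_translation": src_xlate, "dst_translated": dst != xdst,
    }

def attribute(events, proto, seen_src, seen_dst):
    """Map a flow seen outside the ASA (post-NAT tuple) to the inside host and user."""
    for ev in events:
        if ev["event"] == "flow-created" and ev["proto"] == proto \
                and ev["post_nat"] == (seen_src, seen_dst):
            return ev["pre_nat"][0], ev["user"]
    return None
```

Storing both the pre-NAT and post-NAT tuples per connection is what lets a server-side log entry showing 209.165.201.1:1024 be tied back to 209.165.200.254 and User A.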