I like ManageEngine NetFlow Analyzer for monitoring network traffic on our ASAs. There are a few settings specific to that tool to get it working, and I found this blog post, which is a good how-to for getting an ASA exporting NetFlow.
If you aren't using NetFlow on your internal network, you should be. It is a great way to find chatty machines and to see how traffic actually flows across your network, and the same flow records are the first thing you will reach for when you need to know which host talked to what, and when. It is also useful for picking backup windows: a lot of the time admins just guess a time to kick off backups, while NetFlow shows you precisely when the network is quiet.
In this tutorial I will go over how to set up NetFlow on your Catalyst 6500 switch. In my example I am using IOS software version 12.2.
switch(config)#mls flow ip full
switch(config)#mls flow ip interface-full
The mls flow ip command sets the flow mask, which is the set of header fields the PFC uses to key a flow entry, and therefore how much detail ends up in each exported record. full keys on source and destination IP, protocol and ports; interface-full adds the ingress interface, so the collector can tell you which port a flow arrived on. Only one mask is active at a time, so pick one of the two above rather than entering both. If you don't need interface detail, full is fine; the other interface-* masks are shown below.
switch(config)#mls flow ip ?
  interface-destination         interface-destination flow keyword
  interface-destination-source  interface-destination-source flow keyword
  interface-full                interface-full flow keyword
  interface-source              interface-source only flow keyword
Assign Flow to Layer 2 VLANs
switch(config)#ip flow ingress layer2-switched vlan 110-113,172,192
Assign Flow to Layer 3 Interfaces
Let's say you have a couple of VLAN interfaces and a routed interface that connects to another switch or router you want to monitor. Here's how to get flows from those interfaces.
switch(config)#interface Vlan100
switch(config-if)#ip route-cache flow
switch(config)#interface fastEthernet 1/1
switch(config-if)#ip route-cache flow
Configure the export version. It depends on what your collector accepts: version 5 is the fixed-format record every collector understands, so it is the safe choice. The command also accepts 7 (an older Catalyst-specific format) and, on later 12.2SX releases, 9, which is template based and is what newer collectors prefer. The mls nde sender command also enables NetFlow Data Export; without it nothing leaves the switch.
switch(config)#mls nde sender version 5
Configure the source interface to export from (Vlan100 in my example) and the destination. The destination is your NetFlow collector (10.100.1.50 here) followed by the UDP port it listens on; 9996 is the ManageEngine default, so be sure your server is actually listening on whatever port you pick. Keep in mind that NetFlow export is plain UDP with no authentication or encryption: the collector should accept datagrams only from your exporters' addresses (the source interface you choose here is the address it will see), and the export path should stay on a management network you trust, since the records describe who talks to whom on your inside network.
switch(config)#ip flow-export source Vlan100
switch(config)#ip flow-export destination 10.100.1.50 9996
Your 6500 is now exporting flows to the collector address. Verify it from the switch with show mls nde and show ip flow export, which show the export destination, version and packet counters; if the counters stay at zero, check the flow mask, the source interface and the path to the collector. Now it's time to set up the NetFlow server. I like ManageEngine NetFlow Analyzer, but there are many others to choose from (SolarWinds, etc.); just pick one you are comfortable with and go with it.
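To show what the collector on the other end of that UDP port actually receives, here is an added example (not code from this post or from any of the collectors mentioned) that decodes NetFlow version 5 datagrams of the kind the switch above exports, enforces an exporter allow-list before trusting anything in the packet, and produces the "chatty machine" view the post describes. The exporter address 10.100.1.1, the collector address 10.100.1.50 and the sample flows are assumptions constructed for the example; the v5 header and record layouts are the standard ones.

```python
"""Minimal NetFlow v5 decoder with exporter allow-listing (added example)."""
import ipaddress
import socket
import struct
from collections import defaultdict

# Standard NetFlow v5 layouts: 24-byte header followed by up to 30 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

# Hypothetical exporters (the switch's ip flow-export source address). v5 carries
# no authentication, so the datagram's source IP is the only check available.
ALLOWED_EXPORTERS = {"10.100.1.1"}


def parse_v5(datagram: bytes):
    """Return (header dict, list of flow dicts); raise ValueError on malformed input."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short datagram")
    version, count, uptime, secs, nsecs, seq, eng_type, eng_id, sampling = \
        V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if not 1 <= count <= 30:
        raise ValueError(f"bad record count {count}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match record count")
    header = {"count": count, "sequence": seq, "uptime_ms": uptime,
              "unix_secs": secs, "engine_id": eng_id,
              # v5 sequence = flows seen so far; a gap here means lost datagrams.
              "expected_next_sequence": seq + count}
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": str(ipaddress.IPv4Address(f[0])),
                      "dst": str(ipaddress.IPv4Address(f[1])),
                      "in_if": f[3], "out_if": f[4],
                      "packets": f[5], "bytes": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return header, flows


def accept(exporter_ip: str, datagram: bytes):
    """Apply the allow-list before parsing anything from the wire."""
    if exporter_ip not in ALLOWED_EXPORTERS:
        raise PermissionError(f"flow export from unexpected exporter {exporter_ip}")
    return parse_v5(datagram)


def top_talkers(flows, n=3):
    """Bytes per source host, largest first: the chatty-machine view."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def build_v5(records, seq=1):
    """Build a v5 datagram from constructed sample flows (for offline testing)."""
    hdr = V5_HEADER.pack(5, len(records), 123456, 1700000000, 0, seq, 0, 0, 0)
    body = b"".join(V5_RECORD.pack(
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
        b"\0\0\0\0", 1, 2, pkts, octets, 1000, 2000, sport, dport,
        0, 0x18, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, sport, dport, proto, pkts, octets in records)
    return hdr + body


# Constructed sample: one host hammering SMB on two servers, one DNS lookup.
SAMPLE = build_v5([
    ("10.110.0.25", "10.100.1.10", 51515, 445, 6, 900, 1_200_000),
    ("10.110.0.7", "8.8.8.8", 40000, 53, 17, 2, 160),
    ("10.110.0.25", "10.100.1.11", 51516, 445, 6, 300, 400_000),
])


def serve(bind_ip="10.100.1.50", port=9996):
    """Listen like the collector would; bind to the collector's address, not 0.0.0.0."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (ip, _) = sock.recvfrom(65535)
        try:
            header, flows = accept(ip, data)
        except (ValueError, PermissionError) as err:
            print("dropped:", err)
            continue
        print(header["sequence"], top_talkers(flows))


if __name__ == "__main__":
    _, sample_flows = accept("10.100.1.1", SAMPLE)
    print(top_talkers(sample_flows))
```

Run it as-is to decode the constructed sample; call serve() on a host that owns the collector address to read real exports. The design point is the order of checks: the exporter address is tested before a single byte is parsed, the length is checked against the record count before unpacking, and the sequence number is surfaced so a per-exporter gap (or a sequence that jumps backwards from a spoofed source) is visible rather than silently merged into the traffic graph.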