Setting the NetFlow with Cisco CSR1000V ( Virtual Router Appliance ).
There are a case of that NetFlow Collector does NOT support ASA5505's NetFlow, because the ASA5505's NetFlow is NSEL that is fer difference from NetFlow though it is based on NetFlow v9.
For example, Opmantek opFlow does NOT support NSEL.
Installation CSR1000V
Installation of CSR100V on VMware ESXi is in this page.
It can be installed follow wizard with OVA file.
www.cisco.com
NetFlow Settings
Settings of NetFlow in CSR1000V is below.(about Base Config doesn't describe here because it is like other Cisco Router)
In this case, I referred the document of ASR(IOS-XR)
Create FlowRecord
Create FlowRecord for setting Key Field.
flow record opFlowRecord description opFlow match ipv4 source address match ipv4 destination address match ipv4 protocol match transport source-port match transport destination-port collect counter bytes long collect counter packets long
Create FlowExporter
Create FlowExporter for setting destination that is FlowCollector, Analyzer.
Set the Port Number to 12345 for matching default port of opFlow(Flowd).
flow exporter opFlowExporter destination 192.168.1.65 transport udp 12345
Create FlowMonitor
Create FlowMonitor to associate FlowRecord with FlowExporter.
flow monitor opFlowMonitor exporter opFlowExporter record opFlowRecord
Assign to interface
Assign the FlowMonitor to interface.
In my environment, Because of that default-gateway exists in same segment, set to not redirect.
interface GigabitEthernet1 ip address 192.168.1.15 255.255.255.0 no ip redirects ip flow monitor opFlowMonitor input negotiation auto
Checking status
You can check the setting works correctly like below.
CSR1000v-15#show flow exporter opFlowExporter statistics Flow Exporter opFlowExporter: Packet send statistics (last cleared 00:44:21 ago): Successfully sent: 622 (83060 bytes) Reason not given: 4 (404 bytes) Client send statistics: Client: Flow Monitor opFlowMonitor Records added: 2744 - sent: 2731 - failed to send: 13 Bytes added: 79576 - sent: 79199 - failed to send: 377