Unable to add Cisco ASA to Dashboard

Hi 

I'm currently using ManageEngine Netflow Analyzer ver. 8 and so far it has been good. My issue is that I have 2 Cisco ASA5510 running on version 8.2(2). One firewall sits at the Data Center, which is another location, and one sits here in the office.

I'm able to add the office ASA to the dashboard based on the recommended configuration since it's just the internal network. But I'm unable to add the ASA from the Data Center, which is another location, considering I have added the recommended configuration, wherein the only difference is that I have pointed to the public IP address of our firewall on the outside interface. I have already permitted "udp any any" on both firewalls for both the incoming and outgoing interfaces, yet still no luck. We have a site-to-site VPN from my office to the data center, wherein I have configured NetFlow to send packets via VPN using the internal IP address of the server in our office, yet still no luck.

See below configuration of my ASA.

===========
OFFICE ASA
===========

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.XX.XX.65 255.255.255.240 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 174.17.2.1 255.255.255.0 

access-list acl_in extended permit icmp any any 
access-list acl_in extended permit tcp any any 
access-list acl_in extended permit udp any any 
access-list acl_out extended permit udp any any 
access-list netflow-export extended permit ip any any 
access-group acl_out in interface outside
access-group acl_in in interface inside

flow-export destination inside 174.17.2.99 9996
flow-export template timeout-rate 1
flow-export delay flow-create 60

class-map netflow-export-class
 match access-list netflow-export
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map ntop-netflow-export-policy
 class netflow-export-class
  flow-export event-type all destination 174.17.2.114
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny  
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip  
  inspect xdmcp 
  inspect ip-options 
policy-map netflow-export-policy
 class netflow-export-class
  flow-export event-type all destination 174.17.2.99 
!
service-policy netflow-export-policy global


=====================
DATA CENTER - ASA
=====================


interface Ethernet0/0
 speed 10
 nameif outside
 security-level 0
 ip address 203.XX.XX.50 255.255.255.240 standby 203.XX.XX.59 

access-list INET_OUTBOUND extended permit udp any any 
access-list INET_INBOUND extended permit udp any any 
access-list netflow-export extended permit ip any any 
access-group INET_INBOUND in interface outside

flow-export destination outside 174.17.2.99 9996
flow-export destination outside 203.116.29.65 9996
flow-export template timeout-rate 1
flow-export delay flow-create 60

class-map global-class
 match any
class-map inspection_default
 match default-inspection-traffic
class-map global-class1
 match access-list netflow-export
!
!
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
policy-map global-policy1
 class global-class1
  flow-export event-type all destination 174.17.2.99 203.XX.XX.65
 class class-default
  flow-export event-type all destination 174.17.2.99 203.XX.XX.65
policy-map global-policy
!             
service-policy global-policy1 global





Please help.

Cheers!

Dan
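
Added example, not part of the original post: a collector-side check in Python that parses the NetFlow v9 export header (the format ASA uses for flow export) and counts datagrams and template FlowSets per source address, to see whether exports from each firewall actually arrive on UDP 9996 and from which address. The function names are hypothetical, and the sample datagram and source address are constructed.

```python
import socket
import struct

# NetFlow v9 export header: version, count, sysUptime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")

def parse_v9_header(datagram):
    """Return the v9 header fields as a dict, or None if this is not NetFlow v9."""
    if len(datagram) < V9_HEADER.size:
        return None
    version, count, uptime, secs, seq, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        return None
    return {"count": count, "sequence": seq, "source_id": source_id}

def flowset_ids(datagram):
    """List FlowSet IDs in a v9 datagram (0 = template, 1 = options template, >= 256 = data)."""
    ids, offset = [], V9_HEADER.size
    while offset + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, offset)
        if fs_len < 4:  # malformed length; stop instead of looping forever
            break
        ids.append(fs_id)
        offset += fs_len
    return ids

def summarize(packets):
    """Count v9 datagrams and template FlowSets per source address."""
    seen = {}
    for src, data in packets:
        if parse_v9_header(data) is None:
            continue
        entry = seen.setdefault(src, {"datagrams": 0, "templates": 0})
        entry["datagrams"] += 1
        entry["templates"] += flowset_ids(data).count(0)
    return seen

def listen(port=9996, limit=20):
    """Receive `limit` datagrams on the export port and summarize them."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    packets = []
    for _ in range(limit):
        data, (src, _port) = sock.recvfrom(65535)
        packets.append((src, data))
    sock.close()
    return summarize(packets)

# Constructed sample: v9 header plus one template FlowSet (template 256, one field)
SAMPLE = V9_HEADER.pack(9, 1, 1000, 1700000000, 1, 0) + struct.pack("!6H", 0, 12, 256, 1, 8, 4)

if __name__ == "__main__":
    print(summarize([("192.0.2.10", SAMPLE)]))  # constructed source address
```

`listen()` binds the same UDP port as the collector, so it can only run on the server while the analyzer service is stopped.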

