PrepAway - Latest Free Exam Questions & Answers

Which of the following statements is true regarding NSEL on a Cisco ASA?

Which of the following statements is true regarding NSEL on a Cisco ASA?

A. You cannot configure NSEL if the ASA is operating in multiple context mode.

B. IP address and host name assignments are not required to be unique throughout the NetFlow configuration.

C. You cannot configure NSEL if the ASA is operating in transparent firewall mode.

D. You must have at least one collector configured before you can use NSEL.

Explanation:
You must have at least one collector configured before you can use NetFlow Secure Event Logging (NSEL) on a Cisco Adaptive Security Appliance (ASA). Cisco recommends globally configuring any collectors that will be required by the policies. Global collector configuration links the IP address of a collector with an interface on the ASA. For example, the flow-export destination 1.2.3.4 inside command configures a global collector with an IP address of 1.2.3.4 and specifies that the collector be reached through the inside interface. Global collector configuration does not provide the ability to filter NetFlow data for a particular event type.

NSEL, which is simply an ASA-specific implementation of NetFlow, can be configured when the ASA is operating in either single-context mode or multiple-context mode. It is not dependent on the ASA forwarding mode and can therefore be configured whether the ASA is operating in routed or transparent mode. In addition, NSEL supports both IP version 4 (IPv4) and IP version 6 (IPv6) traffic.

When configuring NetFlow on a Cisco ASA, you can use the Modular Policy Framework (MPF) to create a service policy to export event data for a specific type of event and for specific traffic flows. First, you should create a class map to identify traffic that will be exported to the collector. The class map can use an access control list (ACL) to match specific traffic, or it can be configured to match any traffic. Next, you should create a policy map to define the action that should be used for traffic identified by the associated class map. The flow-export event-type event-type destination flow-export-host1 [flow-export-host2] command can be used to specify that events of a certain type be forwarded to a particular collector IP address. Finally, you should create a service policy to apply the policy map to the ASA globally.

Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_nsel.html#34005
https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_nsel.html#68826


Leave a Reply