IOS-XE Netflow Config to NTA?

Hi Everyone,

I'm having some trouble getting new Cisco 4331 routers sending netflow to NTA.  Can anyone take a look at my config and see if you see anything obviously wrong, or offer any tips/pointers?  These are outside edge Internet routers, with a management interface with VRF having a private IP.  The flow traffic should be coming from an inband interface, Gi0/0/01.10.  My firewalls are configured to allow UDP 2055 to flow from the outside source to a NAT to the NTA. 

Thanks.

EdgeRouter1#sh run | s flow

flow record ipv4

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

collect interface output

collect counter bytes

collect counter packets

flow exporter NetFlow-to-Orion

destination X.Y.Z.149

source GigabitEthernet0/0/1.10

transport udp 2055

flow monitor Orion-NetFlow-Monitor

description Original Netflow captures

exporter NetFlow-to-Orion

cache timeout inactive 10

cache timeout active 5

record ipv4

ip flow monitor Orion-NetFlow-Monitor input

ip flow monitor Orion-NetFlow-Monitor input

ip flow monitor Orion-NetFlow-Monitor input

alias exec shflow show flow mon name Orion-NetFlow-Monitor cache

EdgeRouter1#

 

EdgeRouter1#sh run | i interface|flow

interface GigabitEthernet0/0/0

ip flow monitor Orion-NetFlow-Monitor input

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/1.10

ip flow monitor Orion-NetFlow-Monitor input

interface GigabitEthernet0/0/1.192

ip flow monitor Orion-NetFlow-Monitor input

 

EdgeRouter1#sh ver

Cisco IOS XE Software, Version 03.13.02.S - Extended Support Release

Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S2, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2015 by Cisco Systems, Inc.

Compiled Fri 30-Jan-15 15:19 by mcpre

 

 

 

 

ROM: IOS-XE ROMMON

 

 

EdgeRouter1 uptime is 14 weeks, 5 days, 42 minutes

Uptime for this control processor is 14 weeks, 5 days, 43 minutes

System returned to ROM by reload

System restarted at 08:50:36 EDT Wed May 20 2015

System image file is "bootflash:/isr4300-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin"

Last reload reason: PowerOn

 

 

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

 

 

If you require further assistance please contact us by sending email to

export@cisco.com.