11-23-2008 06:36 AM - edited 03-11-2019 07:16 AM
I am trying to monitor traffic on an ASA 5510. I was hoping to use SNMP to get this data to a monitoring/graphing tool such as cacti. I already have SNMP giving me the overall traffic picture.
I can easily see the data I want to capture by using ASDM and the Firewall Dashboard: the info is Usage Status, top 10 services. I want to capture this for network management reasons.
The published OIDs for the ASA device do include tables enabled by 1.3.6.1.4.1.9.9.491.1.1.3.1.0 etc. which might help me get this info, but most of the useful 491 isn't available or applicable, it seems.
Am I right in thinking that I ought to be able to get this info out and logged, or is this a trickier exercise than I anticipated?
Is SNMP the wrong way to go about this?
To be precise, I want to know how much of the passed traffic is in the VPN tunnels, how much is HTTP, how much is email, how much is FTP, etc.
Any suggestions welcome, no matter how lateral.
11-23-2008 07:32 AM
To be precise, I want to know how much of the passed traffic is in the VPN tunnels, how much is HTTP, how much is email, how much is FTP, etc.
Any suggestions welcome, no matter how lateral.
This is just personal opinion and practice, that's the beauty of democracy I guess :). I have not played much with SNMP on ASA yet, but my strategy is IOS netflow, and it is free. I am able to use netflow behind ASA FWs in the internal edge router right before getting outbound via the ASA inside interface.
I can capture via netflow the source IPs/destination IPs engaged in tunnels and the respective TCP ports; the downside is that you would have to do the math to get an approximate traffic breakdown and compare it with the total bandwidth of your outbound links.
I believe Cisco has security management apps, so I read, like Cisco Security Manager, but I have not used it and cannot comment on it, but here is a link for detailed info.
http://www.cisco.com/en/US/products/ps6498/index.html
Rgds
Jorge
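The "do the math" step described in the reply above, as an added example that is not part of the original thread: flow records collected on the inside edge router are classified by tunnel endpoint and by port, then expressed as a share of total bytes. The CSV column names, all addresses, `VPN_REMOTE_NETS` and the port-to-service mapping are assumptions made for this example.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample: flow records as a NetFlow collector might export them.
# Column names and every address here are assumptions for this example.
SAMPLE_FLOWS = """src,dst,proto,sport,dport,bytes
10.1.1.20,198.51.100.7,6,51512,80,400000
10.1.1.21,198.51.100.9,6,51600,443,200000
10.1.1.30,203.0.113.25,6,40022,25,100000
10.1.1.40,203.0.113.50,6,40100,21,50000
10.1.1.50,192.0.2.10,6,44000,3389,150000
10.1.1.20,192.0.2.77,17,53000,53,50000
10.1.1.60,198.51.100.40,6,45000,22,50000
"""

# Remote networks reached through the VPN tunnels (hypothetical value).
VPN_REMOTE_NETS = [ipaddress.ip_network("192.0.2.0/24")]
SERVICE_PORTS = {
    "http": {80, 443},
    "email": {25, 110, 143, 465, 587, 993, 995},
    "ftp": {20, 21},  # passive-mode data channels use dynamic ports -> "other"
}

def classify(flow):
    """Return the traffic class for one flow record (dict of strings)."""
    peers = (ipaddress.ip_address(flow["src"]), ipaddress.ip_address(flow["dst"]))
    if any(ip in net for ip in peers for net in VPN_REMOTE_NETS):
        return "vpn"  # tunnel traffic wins over the port-based classes
    ports = {int(flow["sport"]), int(flow["dport"])}  # covers return flows too
    for name, known in SERVICE_PORTS.items():
        if ports & known:
            return name
    return "other"

def breakdown(csv_text, link_total_bytes=None):
    """Sum bytes per class and return {class: (bytes, percent of total)}."""
    totals = Counter()
    for flow in csv.DictReader(io.StringIO(csv_text)):
        totals[classify(flow)] += int(flow["bytes"])
    denom = link_total_bytes or sum(totals.values())
    return {k: (v, round(100.0 * v / denom, 1)) for k, v in totals.items()}

if __name__ == "__main__":
    for name, (nbytes, pct) in sorted(breakdown(SAMPLE_FLOWS).items()):
        print(f"{name:6} {nbytes:>9} bytes {pct:5.1f}%")
```

Passing `link_total_bytes` (for example from the interface counters already polled over SNMP) gives each class as a share of the whole link rather than of the captured flows.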
11-23-2008 10:19 AM
Cisco Security Manager (CSM) cannot do what you asked. It is a network management app, but not for netflow.
11-23-2008 10:48 AM
David, thanks for confirming about CSM.