Networking monitoring for cisco asa and cisco pix

Unanswered Question
May 19th, 2010

Hi all,

I am currently using manage engine netflow to monitor my cisco routers(need to enable netflow). It is able to let me know the top source, destination, protocol in terms of network traffic. Pls advise what can i use to monitor my cisco asa and pix firewalls to produce the same reports. Thks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Don Jacob Tue, 05/25/2010 - 06:34

Hi Don,

Cisco ASA supports NetFlow export from IOS version 8.1 onwards. Please ensure you are on the latest version of NetFlow Analyzer (version 8) and that you have the supported IOS or higher on the ASA.  The latest version of ManageEngine NetFlow Analyzer even lets you see  mapped IP Address for NAT translations.

Cisco ASA configuration has to be done as mentioned in the below link via ASDM:;jsessionid=AB591CDEAFF6B779924BAC90890BEF10.node0

In the above mentioned config, please use the listener port set in your ManageEngine (9996 by default) instead of the 2055 mentioned in the link. In case you prefer to configure the ASA via CLI, check the below post:

The latest version of ManageEngine can be downloaded from:

Regarding Cisco PIX, the device itself does not support NetFlow export and so it is not possible to monitor this device with NetFlow Analyzer or any such monitoring tool.


Don Thomas Jacob

Technical Support Lead

ManageEngine  NetFlow Analyzer


donnie Tue, 05/25/2010 - 17:52

Hi Don,

THk you for your reply. Hence there is no other tool(inlcuding netflow) that allows me to monitor network traffic of my pix and ASAs with earlier IOS versions(below ver8)?

Don Jacob Wed, 05/26/2010 - 04:11


NetFlow Analyzer and such tools are based on NetFlow or similar flow format packets exported from your devices. Since Cisco introducted NetFlow support on ASA only from IOS version 8.1 onwards and PIX not supporting NetFlow export with any versions, it is not possible to minitor them using such tools.

The best option we can suggest in such a scenario is another product from ManageEngine called Firewall Analyzer. ( You can use this product to monitor firewall appliances and get related reports based on syslog data. Feel free to reach the Firewall Analyzer support team at  [email protected] if you have any questions.


Don Thomas Jacob

Technical  Support Lead

ManageEngine   NetFlow Analyzer



This Discussion