Monitor Traffice On ASA

Amardeep Kumar · ‎08-04-2010

HI

I have an ASA 5505 . I want to monitor the netwrok via ASA. Like which ip is making network distrub. Somthing like that. Is it possible to to control users. Can I block un use full sites.

Thanks

Amardeep K

Allen P Chen · ‎08-04-2010

Hello,

If your ASA is running software version 8.2 or above, you can configure NetFlow to monitor network traffic:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html

Amardeep Kumar · ‎08-04-2010

HI

I have 7.2 version , can I upgrade this. If yes how.

And any other way to monitor with same version I have.

Please suggest.

Thanks

Nagaraja Thanthry · ‎08-04-2010

Hello,

While netflow is the best way of doing it, if you are running 8.0 and above,

you could also use ASDM to track some of these things. ASDM gives you

information about top 10 devices that are using the bandwidth along with top

10 services. For you to use that, you need to enable threat detection

feature on the firewall.

Hope this helps.

Regards,

NT

dianewalker · ‎08-05-2010

NT,

How do you enable threat detection feature on the firewall? Once it is enabled, how do you set it up in ASDM?

Thanks.

Diane

Nagaraja Thanthry · ‎08-05-2010

Hello,

You can use the following command reference guide to configure threat-detection.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html#wp1058270

Once you enable threat detection, in the ASDM dashboard, you will see a section that talks about top 10 talkers. That will give you information about top 10 devices/services using your bandwidth.

Hope this helps.

Regards,

NT

dianewalker · ‎08-05-2010

Thanks for your prompt response and information, NT. I will check out the link. One more question: Does turning on threat detection affect the performance of ASA? Would you leave threat detection on all the time or would you turn it on when you need it? Thanks.

Diane

Nagaraja Thanthry · ‎08-05-2010

Hello,

Threat detection requires some amount of memory because it has to keep track of all the connections. Also, sometimes, if some inside hosts try to open lot of half-open connections, then they could be treated as attackers and may get shunned (you will have options to exclude devices if you like). Other than that there is no other issue in turning on the threat detection.

Hope this helps.

Regards,

NT

Allen P Chen · ‎08-05-2010

Hello,

Enabling threat-detection statistics will utilize additional resources on the ASA. The following is mentioned in the command reference guide:

Enabling statistics can affect the security appliance performance, depending on the type of statistics enabled. The threat-detection statistics host command affects performance in a significant way; if you have a high traffic load, you might consider enabling this type of statistics temporarily. The threat-detection statistics port command, however, has modest impact.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/t.html#wp1499830

Allen P Chen · ‎08-04-2010

Hello,

If you have a service contract associated with your CCO account, then you can download the software here:

http://tinyurl.com/2fp6ae2

Hope that helps.