Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5500 analyze traffic?

We have a Cisco ASA 5510 security device.

Here recently it seems every day at the same time (between 3 and 4 pm) our internet connection (4 bonded t1's) comes to a crawl.  I've looked through the Cisco but haven't been able to find anything useful.  I'd like to see what internal clients are accessing what externally and maybe see a bandwidth report for each client.  Is this possible?  I'd like to track down what is going on at these times.  We never had this problem before I implemented the ASA about 4 months ago.  I doubt it is the device, I just need to know what is going on and the only way I can think of doing so is running some report from the ASA.


Everyone's tags (4)
Cisco Employee

Re: ASA 5500 analyze traffic?

well i think a goo dpoint to start would be ask your isp/service provider to give you a stats of traffic around that time

this will give you a good idea about bandwidth utilzation of your T1

try to find out what is happening between 3 to 4 pm in your network, many times there could be scheduled backups happening at fixed times in a day and this traffi cmight be too much and overloading the firewall

check the following during this time

logs - to see if you find something wierd

cpu -see how it fares betwene 3-4 pm when compared to rest of the day

show xlate - again as above

show conn - again as above

and my final answer if you have smartnet - open TAC CASE - we will be more than happy to investigate

Cisco Employee

Re: ASA 5500 analyze traffic?


Just to add on here, ASDM has some important graphs which might help you as well.

As seen, you can see TOP access-list hits, Top USage (including source address, dest address and service). Hope this helps.



CreatePlease to create content