Cisco Support Community

New Member

Monitor Traffic On ASA

Hi

I have an ASA 5505. I want to monitor the network via the ASA, like which IP is making the network disturbance. Something like that. Is it possible to control users? Can I block unuseful sites?

Thanks

Amardeep K

9 REPLIES
Cisco Employee

Re: Monitor Traffic On ASA

Hello,

If your ASA is running software version 8.2 or above, you can configure NetFlow to monitor network traffic:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html

New Member

Re: Monitor Traffic On ASA

Hi

I have version 7.2. Can I upgrade this? If yes, how?

And is there any other way to monitor with the same version I have?

Please suggest.

Thanks

Cisco Employee

Re: Monitor Traffic On ASA

Hello,

While NetFlow is the best way of doing it, if you are running 8.0 and above, you could also use ASDM to track some of these things. ASDM gives you information about top 10 devices that are using the bandwidth along with top 10 services. For you to use that, you need to enable threat detection feature on the firewall.

Hope this helps.

Regards,

NT

New Member

Re: Monitor Traffic On ASA

NT,

How do you enable threat detection feature on the firewall? Once it is enabled, how do you set it up in ASDM?

Thanks.

Diane

Cisco Employee

Re: Monitor Traffic On ASA

Hello,

You can use the following command reference guide to configure threat-detection.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html#wp1058270

Once you enable threat detection, in the ASDM dashboard, you will see a section that talks about top 10 talkers. That will give you information about top 10 devices/services using your bandwidth.

Hope this helps.

Regards,

NT

New Member

Re: Monitor Traffic On ASA

Thanks for your prompt response and information, NT. I will check out the link. One more question: Does turning on threat detection affect the performance of the ASA? Would you leave threat detection on all the time or would you turn it on when you need it? Thanks.

Diane

Cisco Employee

Re: Monitor Traffic On ASA

Hello,

Threat detection requires some amount of memory because it has to keep track of all the connections. Also, sometimes, if some inside hosts try to open a lot of half-open connections, then they could be treated as attackers and may get shunned (you will have options to exclude devices if you like). Other than that, there is no other issue in turning on the threat detection.

Hope this helps.

Regards,

NT

Cisco Employee

Re: Monitor Traffic On ASA

Hello,

Enabling threat-detection statistics will utilize additional resources on the ASA. The following is mentioned in the command reference guide:

Enabling statistics can affect the security appliance performance, depending on the type of statistics enabled. The threat-detection statistics host command affects performance in a significant way; if you have a high traffic load, you might consider enabling this type of statistics temporarily. The threat-detection statistics port command, however, has modest impact.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/t.html#wp1499830
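
The following ASA CLI sketch is an added example, not part of any reply in this thread and not taken from Cisco's documentation. It puts the points discussed above together: the lighter statistics left on, host statistics enabled only for a troubleshooting window, and a shun exception for a known inside host. It assumes ASA software 8.0 or later; the address 192.168.1.10 is a constructed placeholder.

```cisco
! Added example with constructed values; assumes ASA 8.0 or later.
configure terminal
 ! Basic threat detection: rate-based drop statistics.
 threat-detection basic-threat
 ! Per-port and per-protocol statistics: the "modest impact" kind.
 threat-detection statistics port
 threat-detection statistics protocol
 ! Scanning threat detection with automatic shunning. The exception keeps
 ! a trusted inside host (placeholder address) from being shunned when it
 ! legitimately opens many half-open connections.
 threat-detection scanning-threat shun except ip-address 192.168.1.10 255.255.255.255
 ! Per-host statistics: the "significant impact" kind. Enable only while
 ! you are actively looking for the top talkers.
 threat-detection statistics host
 end
!
! Review what was collected.
show threat-detection rate
show threat-detection statistics top host
show threat-detection statistics top port-protocol
show threat-detection scanning-threat attacker
show threat-detection shun
!
! If a legitimate host was shunned, release it (placeholder address).
clear threat-detection shun 192.168.1.10
!
! When the investigation is over, turn the expensive statistics off again.
configure terminal
 no threat-detection statistics host
 end
```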

Cisco Employee

Re: Monitor Traffic On ASA

Hello,

If you have a service contract associated with your CCO account, then you can download the software here:

http://tinyurl.com/2fp6ae2

Hope that helps.
