Monitoring Traffic leaving ASA 5510

gnaveen · ‎11-16-2010

I have a ASA 5510 interface Ethernet0/0 connected to the outside world.

We have Servers in our inside zone (NOC) and 2 GRE tunnels talking to 2 different Data Centers across 2 different sites.

We want to monitor the NOC traffic and 2 different DC traffic. Is it possible to the break out of traffic in the outside that’s leaving the NOC and 2 data centers as opposed to going between servers in the zone?

-NG

Kureli Sankar · ‎11-16-2010

These two GRE tunnel destination will be different. So, can't you use your monitoring server to monitor two diff. destination IP addresses?

What monitoring server are you using?

-KS

gnaveen · ‎11-17-2010

We have Voice/Data traffic going to the 2 DC via outside interface. Is it possible to separate the two traffic on ASA (outside).

Like to separate the video traffic passing between the servers.

-NG

rmeans · ‎11-17-2010

I am not sure at what level you want to monitor. Syslog monitors or records communications at a high level. Using the capture command can give you more detail. Depending on the type of traffic, the ASA capture may not be able to give you exactly what is happening. If the traffic is encapsulated and/or encrypted.

brief capture option

create access-list defining source and destination of traffic you want to see

capture access-list interface outside packet-length 1500