Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Monitoring Traffic leaving ASA 5510

I have a ASA 5510 interface Ethernet0/0 connected to the outside world.

We have Servers in our inside zone (NOC) and 2 GRE tunnels talking to 2 different Data Centers across 2 different sites.

We  want to monitor the NOC traffic and 2 different DC traffic. Is it  possible to the break out of traffic in the outside that’s leaving the  NOC and 2 data centers as opposed to going between servers in the zone?

-NG

3 REPLIES
Cisco Employee

Re: Monitoring Traffic leaving ASA 5510

These two GRE tunnel destination will be different. So, can't you use your monitoring server to monitor two diff. destination IP addresses?

What monitoring server are you using?

-KS

New Member

Re: Monitoring Traffic leaving ASA 5510

We have Voice/Data traffic going to the 2 DC via outside interface. Is it possible to separate the two traffic on ASA (outside).

Like to separate the video traffic passing between the servers.

-NG

New Member

Re: Monitoring Traffic leaving ASA 5510

I am not sure at what level you want to monitor.  Syslog monitors or records communications at a high level.  Using the capture command can give you more detail.  Depending on the type of traffic, the ASA capture may not be able to give you exactly what is happening.  If the traffic is encapsulated and/or encrypted.

brief capture option

create access-list defining source and destination of traffic you want to see

capture access-list interface outside packet-length 1500

582
Views
0
Helpful
3
Replies
CreatePlease login to create content