Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
5
Replies

Network Traffic Monitoring

ray_stone
Level 1
Level 1

‎06-19-2008 01:01 PM - edited ‎03-11-2019 06:01 AM

Hi, I have setup all ASA FW on different locations and made Site to SIte Tunnel and Remote VPN and everything is working fine.As I know, the Accounting in AAA Server keeps the records of What users has done and Does Sys log Server contains of all information of every inbound and outbound packet of all interfaces of Cisco ASA. I have to monitor all traffic and how may I determine according to the Security concerned which Packet is a genuine one or which is not and If I may know about the attacks then which steps I must take. Thanks...

Labels:
0 Helpful
5 Replies 5

Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-20-2008 03:30 AM

To really know about the attacks you would need a good IPS solution. The ASA (without the AIP-SSM) module is a device whose primary function is 'access control' and not attack detection and mitigation (even tough there is limited support for such configurations).

Regards

Farrukh

0 Helpful

ray_stone
Level 1
Level 1
In response to Farrukh Haroon

‎06-20-2008 07:14 AM

Thanks Farrukh, I really appreciate... Can you please suggest me any software through which I could monitor Interface Traffic? Does Sys log Server perform same work in Cisco ASA. Can you please send a link of documentation to know about IPS in better way. AIP-SSM stands for???? Thanks...

0 Helpful

dhananjoy chowdhury
Level 5
Level 5
In response to ray_stone

‎06-22-2008 02:05 AM

Hi

If you are looking for monitoring of NW traffic from security point of view, you can try opensource sim tool like OSSIM.

If you want only to monitor NW devices/ Interfaces for Uptime/Availabilty/CPU/Mem usage etc.,then you can try OpenNMS or Nagios.

0 Helpful

merabtavart
Level 1
Level 1

‎07-22-2011 02:00 AM

Check

http://www.vpnttg.com/

Advantage   of VPNTTG over other SNMP based monitoring software’s is  following:   Other (commonly used) software’s are working with static OID  numbers,   i.e. whenever tunnel disconnects and reconnects, it gets  assigned a  new  OID number. This means that the historical data, gathered  on the   connection, is lost each time. However, VPNTTG works with VPN  peer’s  IP  address and it stores for each VPN tunnel historical  monitoring  data  into the SQL server and into the RRD (Round Robin  Database) file.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card