06-19-2008 01:01 PM - edited 03-11-2019 06:01 AM
Hi, I have set up all ASA FWs at different locations and made Site-to-Site tunnels and Remote VPN, and everything is working fine. As I know, the accounting in the AAA server keeps the records of what users have done. Does the syslog server contain all information about every inbound and outbound packet on all interfaces of the Cisco ASA? I have to monitor all traffic. How may I determine, from a security point of view, which packet is a genuine one and which is not? And if I come to know about attacks, which steps must I take? Thanks...
06-20-2008 03:30 AM
To really know about the attacks you would need a good IPS solution. The ASA (without the AIP-SSM module) is a device whose primary function is 'access control' and not attack detection and mitigation (even though there is limited support for such configurations).
Regards
Farrukh
06-20-2008 07:14 AM
Thanks Farrukh, I really appreciate it... Can you please suggest any software through which I could monitor interface traffic? Does the syslog server perform the same work for the Cisco ASA? Can you please send a link to documentation so I can understand IPS better? What does AIP-SSM stand for? Thanks...
06-20-2008 12:01 PM
Are you looking for free software, or do you need to purchase one? Nagios is a free one; there are many others.
Please have a look at these links:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_brochure_list.html
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_presentation_list.html
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheets_list.html
Regards
Farrukh
06-22-2008 02:05 AM
Hi
If you are looking to monitor NW traffic from a security point of view, you can try an open-source SIM tool like OSSIM.
If you only want to monitor NW devices/interfaces for uptime/availability/CPU/memory usage etc., then you can try OpenNMS or Nagios.
07-22-2011 02:00 AM
Check
The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.
HTH
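The index-churn problem described in the post above, as an added example that is not part of the original thread and is not VPNTTG's code: it compares per-tunnel history keyed by SNMP row index with history keyed by peer IP. The poll data, the row indexes and the function names are constructed for illustration, and the addresses come from documentation ranges.

```python
from collections import defaultdict

# Constructed poll snapshots: each row is (row_index, peer_ip, rx_octets).
# The row index stands in for the per-tunnel OID suffix; it changes when a
# tunnel reconnects, and the octet counter restarts from zero.
POLLS = [
    [(101, "198.51.100.10", 1_000), (102, "203.0.113.7", 500)],
    [(101, "198.51.100.10", 4_000), (102, "203.0.113.7", 900)],
    # 198.51.100.10 dropped and came back as row 117
    [(117, "198.51.100.10", 300), (102, "203.0.113.7", 1_500)],
    [(117, "198.51.100.10", 2_300), (102, "203.0.113.7", 1_800)],
]


def history_by(polls, key):
    """Group samples into series keyed by 'index' or by 'peer'."""
    series = defaultdict(list)
    for t, rows in enumerate(polls):
        for index, peer, rx in rows:
            series[index if key == "index" else peer].append((t, index, rx))
    return dict(series)


def total_rx(samples):
    """Sum received octets across one series, surviving reconnects.

    A new row index, or a counter that goes backwards, marks a new session
    whose counter started at zero, so the whole reading counts as the delta.
    Octets sent between the last poll and the disconnect are not recoverable.
    """
    total, prev_index, prev_rx = 0, None, 0
    for _, index, rx in samples:
        if index != prev_index or rx < prev_rx:
            total += rx              # new session: counter restarted
        else:
            total += rx - prev_rx    # same session: add the increment
        prev_index, prev_rx = index, rx
    return total


def reconnects(samples):
    """Count how many times the row index changed within one series."""
    indexes = [index for _, index, _ in samples]
    return sum(1 for a, b in zip(indexes, indexes[1:]) if a != b)
```

Keyed by index, the reconnecting peer appears as two unrelated short series; keyed by peer IP, it is one series with a visible reconnect, which is also the event worth alerting on.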