Is there any way we could see the high communication flow between the src and dst on the ASA firewall in real time? We could see the top 10 sources and top 10 destinations, but it didn't match the flow. Also, top 10 seems to be a limitation; is there any way we can see the top 100 sources / destinations?
Adding to Panos' comment, one way I see you could pool 100 top hosts would be if you have a router behind asa-firewall inside, where outbound/inbound traffic will cross insideRouter->ASA>outbound-inbound. Run NetFlow on the router; you can then use a robust NetFlow collector like NetFlow Analyzer from ManageEngine (http://www.manageengine.com). I have this setup, which successfully pools up to 200 top hosts' outbound traffic utilization per host. See the attachment for a screenshot example.
I'm not sure if a freeware NetFlow collector can pool this quantity of hosts' traffic stats.