I replaced a SonicWall 4060 Pro with dual Cisco ASA 5520s and the CSC SSM modules. I need to know how to run web usage reports on all HTTP traffic. Right now I can only find violation reports through Control Manager, which I am currently evaluating. I'm not interested in the threat, spam, spyware reports. I want to know what traffic is passing through the firewall and be able to match the traffic with an internal IP address if my HR department requests it.
This is currently not supported on the CSC module itself - it will only log denied flows.
There are a number of options available to determine what IP addresses access devices outside the ASA. You can monitor the connection syslogs - this will not provide the hostname on the outside but will provide the inside IP address, the translation, and destination IP address. If you enable 'inspect http', this command will create a syslog with each URL access (however, enabling this feature may have adverse effects on some websites). Implementing NetFlow (available in ASA version 8.2) will give you the ability to more easily watch flows.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...