Acheter ou Renouveler
Acheter ou Renouveler
annuler
Activer les suggestions
La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Affichage des résultats de 
Rechercher plutôt 
Vouliez-vous dire : 
cancel
Nouveau sujet
461
Visites
0
Compliment
6
Réponses

ASA: replication of an Ethernet port - e.g. for WireShark/archiving

Joerg.Teske
Level 1
Level 1

le ‎22-11-2023 09:24 AM

Hello

        is there a possibility to perform a replication of a port on a Cisco ASA (e.g. to archive a copy of the data)?

The monitor command to be used on other Cisco equipment is not existing on the ASA.


Best regards


Jörg

Étiquettes :
0 Compliments
6 RÉPONSES 6

balaji.bandi
Hall of Fame
Hall of Fame

le ‎22-11-2023 09:27 AM

What model of ASA - you can use Packet capture to send over to remote :

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

If the old model with Switch port on it, you can use command - switchport monitor

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Compliments

Joerg.Teske
Level 1
Level 1
En réponse à balaji.bandi

le ‎22-11-2023 10:05 AM

Thank you for this fast answer. I use an ASA-5508-X.

Your link is explaining how to capture packages (mainly local in a buffer of the ASA) and to transfer this data later on.

What I search is to duplicate packages (no change of format, quasi realtime) and to send them to a second destination.
We use this for UDP packages. This is well working using a replicated port on a switch. The aim is to reduce the hardware using directly the ASA. 

The switchport monitor command seems not to be available.

0 Compliments

MHM Cisco World
VIP
VIP

‎22-11-2023 09:39 AM - modifié ‎22-11-2023 09:39 AM

https://ultraconfig.com.au/blog/how-to-packet-capture-on-a-cisco-asa-firewall/

Check this' not real time is so hard to asa cpu.

Keep capture real-time as short ss possible.

MHM

0 Compliments

Joerg.Teske
Level 1
Level 1
En réponse à MHM Cisco World

le ‎22-11-2023 10:14 AM

Thank you. See above. This is not what we need. Sorry if I was not clear enough.

0 Compliments

MHM Cisco World
VIP
VIP
En réponse à Joerg.Teske

le ‎22-11-2023 10:31 AM 

copy /pcap capture:pc-traffic-ssh tftp://<server-ip-address>

This copy pcap to server which then can show via wiresharke.

But I think you want real time monitoring.

I will check 

MHM

0 Compliments

Joerg.Teske
Level 1
Level 1
En réponse à MHM Cisco World

le ‎23-11-2023 12:41 AM

Thank you, I'm not sure that the ASA is able to perform this replication - I found only the following for other Cisco elements:

https://www.it-connect.fr/configurer-le-port-mirroring-sous-cisco/


0 Compliments

Liens rapides

Parcourez les liens directs de la Communauté et profitez de contenus personnalisés en français

Partager un document Rédiger un blog Vidéos R&S
Customers Also Viewed These Support Documents