Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
746
Views
0
Helpful
2
Replies

Bandwidth and Conversations

Go to solution
oneirishpollack
Level 1
Level 1

‎02-14-2013 12:53 PM

Our network is designed as follows:

Access Switch ---  (VLANS)  ----> Core Switch (SVIs)   -----Inside --> ASA 5510 --Outside-----> Edge Router

Our internal traffic gets PAT'd to a specific outside address based on the VLAN it is on.

We are trying to track what specific internal (private) addresses are utilizing the most bandwidth and where they are going.

I have setup netflows on the edge router and am able to send them to our Foglight NMS. The only problem is that I get the PAT'd external address as the source and the destination address. Since that address is a pool address for all the devices on a VLAN, it doesn't narrow down the specific machine on the inside that is sending.

I have also setup netflows on my L3 Core switch and am able to send them to our Foglight NMS. The only problem there is that I get the individual (inside) private addresses, but with a destinating of the SVIs (gateway). So that doesn't narrow down where they are going.

In short, using the ASA, NMS, or some other method (sniffer?), what is the best way to collect the source (inside address) to destination (outside address) to determine the amount of data, the speific inside device, and the specific outside address it is going to? I would like to so this both ways - inside to outside and outside to inside.

It would provide with something like the example below:

Source        Destination        Port/Protocol/Application  Packets       KBps

10.9.3.12     8.8.4.4              80                                    79502          106,1816


Thanks for any and all suggestions you can provide. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
brett.harding
Level 1
Level 1

‎02-17-2013 07:52 PM

Hi,

I suspect you are performing PAT on the ASA. It is strange that flows from the Core Switch are showing all destinations as the SVI interface, do you have proxy arp enabled? You may want to look at implementing netflow on your ASA5510. Netflow v9 is support on the ASA platform starting with version ASA 8.2.1/ASDM 6.2.1

Hope that helps

Cheers

Brett

View solution in original post

0 Helpful
2 Replies 2

Go to solution
brett.harding
Level 1
Level 1

‎02-17-2013 07:52 PM

Hi,

I suspect you are performing PAT on the ASA. It is strange that flows from the Core Switch are showing all destinations as the SVI interface, do you have proxy arp enabled? You may want to look at implementing netflow on your ASA5510. Netflow v9 is support on the ASA platform starting with version ASA 8.2.1/ASDM 6.2.1

Hope that helps

Cheers

Brett

0 Helpful

Go to solution
oneirishpollack
Level 1
Level 1
In response to brett.harding

‎02-21-2013 06:49 AM

Thanks. Upgrading to ASA 8.2 and then following the instructions below did the trick:

https://supportforums.cisco.com/servlet/JiveServlet/showImage/102-6114-4-1786/sp5.JPG

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card