how to monitor network traffic on cisco asa5510
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2008 03:31 AM
Hi all. Currently my office users are going to the internet through cisco asa5510. Recently internet users complain internet traffic is very slow. A check with the isp and i was told that download/upload traffic on my end is very high. How can i make use of the adsm to monitor the traffic and determine which hosts(private ip address) is hogging up the network. Do i have to use any 3rd party tools. Currently i have only privilege 0 access to the firewall and hence cannot modify the firewall. The user acct with privilege 15 has since left the company together with the password. Pls advise. Thks in advance.
- Labels:
-
Network Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2008 01:37 PM
This is a great tool I've evaluated for this purpose, have a look at it:
However you can do this with any SNMP-Viewer/MIB Browser type of tool. You just have to allow SNMP access to the firewall.
Please note that ASA 8.x has support for NetFlow as well AFAIR.
Regards
Farrukh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2008 02:06 AM
Hi Farrukh,
THks for the reccomendation. Fireplotter is indeed a very useful monitoring tool. When i use it for monitoring i found my outbound traffic is very high. From this outbound traffic i narrow down to the particular pc that is causing this problem. The user of that pc was using p2p software to download videos. After i got the user to shutdown the software, internet traffic subside alot. Since the user is downloading instead of uploading, shldnt the fireplotter reflect inbound traffic instead of outbound traffic? Can i say that outbound traffic is reflected in fireplotter when the user is downloading because the user initated the connection? Pls advise. I would also like to know if i can log the information from fireplotter to a log file? Thks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2008 02:35 AM
Yes this is exactly what I use it for, tracing users before they even hit the proxy server :). We use it to monitor FWSM(s).
Yes I also have a difficult time understanding the direction of traffic. However it could be that the user is offering files to others on the p2p network (therefore uploading). So its better you use a browser or FTP to download something and then check the direction in FirePlotter.
I'm unaware of any such feature to store data in log files. It seems to be a real-time tool.
Ragards
Farrukh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2008 01:41 PM
what has to be configured on the asa for fireplotter to work? config example?
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2008 10:45 PM
Here you go:
http://www.fireplotter.com/doc/OnlineHelp.htm#Setting_Up_Your_Cisco_PIX/ASA_Firewall_for_FirePlotter
Please rate if helpful.
Regards
Farrukh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2008 12:10 AM
HI All
I used fireplotter and did not find it had everything i needed, try use fwanalyzer, it gives you all the information you need and more :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2008 12:35 AM
Both tools do separate things. You have to compare the costs/feature advertised etc. There is no doubt that the manage engine product is more comprehensive.
Regards
Farrukh
