Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12316
Views
25
Helpful
23
Replies

Monitoring ASA in Cisco Prime infrastructure 2.2

elnurh
Level 1
Level 1

‎01-29-2015 05:48 AM

Hi everybody.  I have some issue with cisco Prime Infrastructure  2.2.  We use this product in our network for monitoring network devices and I need to monitor also our ASA 5550 device with soft 8.4.  I  added ASA to Cisco PI but see only basic component like my device can reachable via  and read via snmp. But cannot see  CPU, RAM, Device ENV like Temperature, l2l vpn connection,  Interfaces status and Utilization that interfaces, cannot see sub interface that placed on ASA like that g0/0.20.  I need fully monitor ASA and See logs and trap for my device:

CPU RAM ENV (Temperature), Interface and sub interface status, L2L VPN  Status.

 

1 Cisco Prime infrastructure can full support  ASA for monitoring and logging.. IF YES how can i configure  that features in Cisco PI 2.2 for ASA

2 IF not which product Can full support that features for full monitoring and logging  ASA devices

 

I have a little deadline for finishing

thanks everybody before

1 person had this problem
Labels:
0 Helpful
23 Replies 23

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to elnurh

‎02-05-2015 02:38 PM

I've not success monitoring ASA interface utilization either. I'm using PI 2.2 with device update #1. The ASA is a 5585-X with 9.2(3) software.

I have deployed the PI monitoring template to the ASA and do see its overall status and PI has enumerated the interfaces in the device page.

I even looked at a packet capture and see PI querying the values of the interface counters and those values being sent back to PI - yet I cannot select any ASA interface when drilling down under Performance Detail monitoring.

When I get some free time I will open a TAC case on it, meanwhile I am getting all the info I need from the upstream and downstream switches.

0 Helpful

elnurh
Level 1
Level 1
In response to Marvin Rhoads

‎02-07-2015 02:42 AM

which template you deployed for ASA ? and can you see sub interface  on PI  or only ehternet interface and ip address interfacce

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to elnurh

‎02-07-2015 06:14 AM

Just the standard monitoring template.

The interfaces (physical as well logical IP and subinterfaces) only show up in the inventory.

PI does not present the ASA as one of the devices I can select in the performance details selector so I can't pull up graphs of the ASA interfaces in any way.

0 Helpful

Jorge Neyton Avila Pacheco
Level 4
Level 4
In response to Marvin Rhoads

‎05-04-2015 09:50 AM

Dear Marvin,

 

It means that PI doesn´t support monitoring and configuration for any Cisco ASA´s?

 

Let me know your comments.

Thanks in advance!

 

Neyton

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Jorge Neyton Avila Pacheco

‎05-04-2015 10:23 AM

No, it just has issues with performance counters in the monitoring template.

We can monitor an ASA's SNMP traps and syslog events with Prime Infrastructure.

Prime will query via SNMP for device status, interface status, CPU and memory utilization etc. and correctly display those.

It will detect configuration changes and archive based on that.

Jorge Neyton Avila Pacheco
Level 4
Level 4
In response to Marvin Rhoads

‎05-04-2015 10:43 AM

Perfecto. So, it is possible to connect ASA with Netflow in Prime Infrastructure? It's supported Netflow between ASA5510 and Prime?

Thanks for your answer friend.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Jorge Neyton Avila Pacheco

‎05-04-2015 10:47 AM

Sorry - the Netflow from ASAs will not work with PI.

ASAs use the NSEL format instead of the more common v5 or v9 formats. PI cannot interpret NSEL (yet - as of PI 2.2).

It's mentioned in the release notes and we covered it in a thread a couple of months back. Reference.  

Jorge Neyton Avila Pacheco
Level 4
Level 4
In response to Marvin Rhoads

‎05-04-2015 10:59 AM

Thanks Sir! :)

Do you know if the new FireSIGHT Management Center support Netflow or any other tool to capture real traffic and generate monthly reports for traffic (source, destination, port, etc)?

How can I get a real time information about who is downloading any file from X source to X destination and identify the type of traffic? ...

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Jorge Neyton Avila Pacheco

‎05-04-2015 11:21 AM

You're welcome.

FMC can do reporting on traffic volumes and identify users - assuming you have FirePOWER modules, are inspecting the traffic with them and have all of the licensing and policies applied. It doesn't use Netflow but rather analysis of the traffic using it's own packet inspection techniques.

Easier is to have the ASAs report to a third party tool like Paessler PRTG, Solarwinds NTA or Plixer Scrutinizer. Those (among others) do understand NSEL.

Or you could collect your Netflow from a router or L3 switch that uses standard Netflow and send it to PI (with the necessary Assurance license).

Customers Also Viewed These Support Documents