Re: ASA 5500 analyze traffic?

kmacdonald · ‎08-26-2010

We have a Cisco ASA 5510 security device.

Here recently it seems every day at the same time (between 3 and 4 pm) our internet connection (4 bonded t1's) comes to a crawl. I've looked through the Cisco but haven't been able to find anything useful. I'd like to see what internal clients are accessing what externally and maybe see a bandwidth report for each client. Is this possible? I'd like to track down what is going on at these times. We never had this problem before I implemented the ASA about 4 months ago. I doubt it is the device, I just need to know what is going on and the only way I can think of doing so is running some report from the ASA.

Thanks!

Jitendriya Athavale · ‎08-26-2010

well i think a goo dpoint to start would be ask your isp/service provider to give you a stats of traffic around that time

this will give you a good idea about bandwidth utilzation of your T1

try to find out what is happening between 3 to 4 pm in your network, many times there could be scheduled backups happening at fixed times in a day and this traffi cmight be too much and overloading the firewall

check the following during this time

logs - to see if you find something wierd

cpu -see how it fares betwene 3-4 pm when compared to rest of the day

show xlate - again as above

show conn - again as above

and my final answer if you have smartnet - open TAC CASE - we will be more than happy to investigate

praprama · ‎08-26-2010

Hi,

Just to add on here, ASDM has some important graphs which might help you as well.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/intro.html#wp1044840

As seen, you can see TOP access-list hits, Top USage (including source address, dest address and service). Hope this helps.

Regards,

Prapanch