ASDM for multiple ASA monitoring

anthonyg10
Level 1

I have a request from on high to monitor existing ASA firewalls using only ASDM.  The need I have is to be able to monitor multiple devices for a variety of reasons --- from interface traffic to VPN sessions, etc.  I've been using SNMP regularly to get what I need, but I don't see a way to get consistent, historical data on multiple devices using ASDM.  At least not in any practical sense.

I wanted to get community feedback on this problem.  It seems running multiple instances of ASDM on a single machine to keep track of more than a couple ASAs at once is wholly impractical.  What does everyone think?

Philip D'Ath
VIP Alumni

You can run multiple copies of ASDM on one machine (have done it many times myself).  I don't think I would open up more than 2 or 3 at once though.  They all look the same.  You have to keep checking the title bar to make sure you are working on the correct one.

It sounds like your needs would be better met using SNMP ...

That's pretty much what I was thinking --- limitations on how many instances I can run, actual historical information on a device, setting up the GUI each time to graph and chart what I need to see... etc.

When I can set up an SNMP server and start grabbing traffic and health and VPN info right off the bat and let it run on multiple targets continuously and do it more efficiently, it makes the approach a lot more sensible.

Samer R. Saleem
Level 4

Hi Anthony,

Regarding the historical data, I think what you need is a syslog server, which will gather the information for anything you need according to your enabled syslog level (0 - 7).

Also, for the VPN sessions I used an event list from the ASA firewall that sends me any information for VPN sessions by email.

That can help you with troubleshooting, documentation, and logs.

For the syslog you can use kiwilogs to save the logs into text, with sizes reaching N gigabytes.

Also, you can take that log and use a log analyzer to view the data as a graph, which is really great.

Hope that helped.

Samer.
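
The syslog approach described above, as an added example that is not part of the original post or of any Cisco tool: a small Python summary of a text log collected from several ASAs, counted per firewall and per severity level (0 - 7). The line layout (`timestamp host %ASA-severity-id: text`), the hostnames and the sample messages are assumptions constructed for illustration; adjust the pattern to whatever your syslog server writes.

```python
import re
from collections import Counter, defaultdict

# ASA severity levels 0-7, in Cisco's naming.
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Assumed stored layout: "<Mon> <day> <time> <host> %ASA-<sev>-<id>: <text>"
ASA_MSG = re.compile(r"^\S+\s+\S+\s+\S+\s+(?P<host>\S+)\s+"
                     r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$")

# Constructed sample lines (hostnames, addresses and text are made up).
SAMPLE = """\
Mar 03 10:15:01 fw-edge-1 %ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/443 to inside:10.0.0.5/51000
Mar 03 10:15:04 fw-edge-1 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4431 dst inside:10.0.0.5/22 by access-group "outside_in"
Mar 03 10:16:10 fw-dc-2 %ASA-4-113019: Group = vpn-users, Username = alice, IP = 192.0.2.44, Session disconnected.
Mar 03 10:16:30 fw-dc-2 %ASA-1-105005: (Primary) Lost Failover communications with mate on interface inside
Mar 03 10:17:00 fw-dc-2 %ASA-6-302013: Built inbound TCP connection 202 for outside:198.51.100.9/50000 to inside:10.0.1.8/443
Mar 03 10:17:02 fw-edge-1 truncated line without a message tag
"""

def summarize(lines, max_level=4):
    """Count messages per firewall and severity name, keeping only
    severities at or below max_level (lower number = more severe).
    Returns (per_host, unparsed_line_count)."""
    per_host = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        m = ASA_MSG.match(line)
        if m is None:
            unparsed += 1  # surface malformed lines instead of dropping them
            continue
        sev = int(m.group("sev"))
        if sev <= max_level:
            per_host[m.group("host")][SEVERITY[sev]] += 1
    return dict(per_host), unparsed

if __name__ == "__main__":
    per_host, unparsed = summarize(SAMPLE.splitlines())
    for host in sorted(per_host):
        print(host, dict(per_host[host]))
    print("unparsed lines:", unparsed)
```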

Marvin Rhoads
Hall of Fame

I agree - wholly impractical.

Like others suggested, use a simple syslog server and I would add an SNMP tool. Something like PRTG can be easily set up to monitor interface traffic, VPN sessions, etc.

You can monitor up to 100 sensors (i.e. individual SNMP elements - managing an ASA could use up several, like pinging for uptime, monitoring an interface, monitoring VPN users, etc.) with the free version.