Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2751
Views
4
Helpful
4
Replies

How to check which ip's are hitting on a particular interface of ASA 5520

prashantrecon
Level 1
Level 1

‎09-23-2012 11:05 PM - edited ‎03-11-2019 04:57 PM

Hi ,

I have a cisco asa 5520 and suddendley in my Network Monitor tool,(using SNMP)  asa's DMZ interface traffic is showing arround 90000 Kbit/s .

i want to check which traffic is flowing throgh this interface.(Ip address details)

Note : There is no impact on asa CPU usage.

Regards,

Prashant

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎09-24-2012 02:43 AM

Hi,

I guess there is several things you can check on your firewall.

  • Check the active connection on the ASA
    • show conn | inc

  • Check the hosts that have connections through the ASA on that interface
    • show local-host | begin Interface

  • Generate log messages to a syslog server from each connection formed
    • Either using "logging trap informational"
    • OR check what the Syslog ID for connection Building/Teardown is and change its logging level to your current one
    • OR configure logging parameters to the access-list/ACE statements to generate logging messages on certain syslog/logging level

  • Configure traffic capture on the interface and simply capture all the traffic on the firewall interface in question
    • The maximum buffer size for the capture is around 33,5MB but it can be set to overwrite the previous data
    • You also dont have to capture the complete packet
    • After the capture (or during it) you can copy the capture file to your computer and open it with Wireshark to see whats connections are being taken through the interface in question.

Those are just some things that came to mind. I'm sure theres probably other ways to go about this thing also.

- Jouni

prashantrecon
Level 1
Level 1
In response to Jouni Forss

‎09-24-2012 03:15 AM

Thanks it is very helpful

0 Helpful

Suresh Babu
Level 1
Level 1
In response to Jouni Forss

‎09-24-2012 03:59 AM


Hi All,

How do i check the same connection logs in ASDM GUI mode.

Please help...

Rgds

0 Helpful

prashantrecon
Level 1
Level 1
In response to Jouni Forss

‎09-24-2012 08:47 PM

Hi Jouni,

When i am checking the traffic in ASDM graph it is only showing me between 20 - 50 Kbps (and it is normal) at the same time on SNMP sensor dmz traffic is around 90,371 kbit/s.

so i think actual traffic is the ASDM graph traffic .

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card