11-14-2013 04:03 AM - edited 03-11-2019 08:04 PM
Hey guys,
I have a question.
We have 2 different offices at 2 different locations, connected via a VPN tunnel (IPsec, site to site) configured on the Cisco ASA firewalls on both sides. We do see the NetFlow between these two locations, but we do not get the exact server details on either end in NetFlow; the only detail we get is the outside IP of both firewalls.
Below is the scenario and what we want to achieve.
Location A, Server A --> Firewall at location A --> IPsec tunnel --> Firewall at location B --> Server B
What is happening now is that in NTA, we get the source and destination as the outside interface on both firewalls; what we want is the IP addresses of Server A and Server B as source and destination.
Is the above achievable?
11-17-2013 12:30 PM
To which interface did you apply the service-policy? From the sounds of it you applied it to the outside interface; this will show the source and destination as the public / ASA interface IPs. Apply the service-policy to the inside interface on the ASA and you should see the correct source and destination IPs.
--
Please rate all helpful posts.
11-18-2013 04:37 AM
Hi Marius,
Yes, we have applied the service-policy on the outside interface. If we change the service policy to the inside interface, will we be able to view the exact source and destination IPs of the servers behind the firewall?
11-18-2013 07:19 AM
Yes, once you apply the service-policy to the inside interface where the traffic you want to monitor is ingressing the ASA, you will see the correct source and destination IPs, unless you have some other device further into your network that is performing NAT, in which case you will see the NATed address.
--
Please rate all helpful posts
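The accepted answer in configuration form, as an added example that is not from any of the posters: an ASA NetFlow Secure Event Logging (NSEL) setup with the service-policy moved from the outside to the inside interface. The collector address 192.0.2.10, the interface names and the class/policy names are placeholders chosen for this example.

```text
! Added example, not from the original thread. Cisco ASA NSEL (NetFlow)
! configuration. 192.0.2.10, "inside"/"outside" and the class/policy
! names are placeholders for this example.

! 1. Where flow records are sent. "inside" is the interface through which
!    the collector is reached; 2055 is the collector's UDP port.
flow-export destination inside 192.0.2.10 2055
flow-export template timeout-rate 1

! 2. Which traffic to report. "match any" covers every flow the policy
!    sees; an ACL-based class-map can narrow this to the server subnets.
class-map flow_export_class
 match any

! 3. Export flow-create, flow-teardown and flow-denied events.
policy-map flow_export_policy
 class flow_export_class
  flow-export event-type all destination 192.0.2.10

! 4a. What the thread started with: the policy on the outside interface.
!     As the replies describe, this reports the two firewalls' outside IPs
!     (the IPsec tunnel endpoints) rather than the servers behind them.
!     Shown commented out; do not apply both 4a and 4b.
! service-policy flow_export_policy interface outside

! 4b. The fix from the accepted answer: attach the policy to the interface
!     where server traffic enters the ASA, before it is encrypted into the
!     tunnel. Records now carry the Server A / Server B addresses, unless
!     another device inside the network performs NAT first (you then see
!     the NATed address, as the answer notes).
service-policy flow_export_policy interface inside

! Verification after the change:
! show running-config service-policy   ! policy attached to "inside"
! show flow-export counters            ! packets/records actually exported
```

Repeat the same change on the ASA at the other location so both ends report server addresses in NTA.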