Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7972
Views
0
Helpful
3
Replies

SPAN Port on ASA 5505

Garland Moore
Level 1
Level 1

‎09-24-2013 10:50 PM - edited ‎03-11-2019 07:43 PM

Hi all,

I would like to setup a SPAN port on my outside interface on the ASA 5505.  I would like to see all traffice whether inbound or outbound.  Setting up a SPAN port seems pretty straight forward, my question is, if a packet hits the outside interface and is dropped will a copy of the packet still be sent to the SPAN destination?  Or does the packet have to actually enter the ASA for a copy of the packet to be sent to the ASA?  I've been unable to find a clear answer to this question but I would like to know before configuring the SPAN port.  Any help is much appreciated!

Labels:
0 Helpful
3 Replies 3

Luis Silva Benavides
Cisco Employee
Cisco Employee

‎09-25-2013 11:23 AM

Garland,

SPAN session are only available on the Switches. If you setup an SPAN session on the port where the ASA is connected you should be able to see all the traffic that is leaving/getting to that switchport; so it doesn't matter if the ASA drops the packet; if the switch was able to send it you will see it.

There is also the capture feature on the ASA; you can capture the traffic that gets to the interface of the ASA you are troubleshooting.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful

Garland Moore
Level 1
Level 1
In response to Luis Silva Benavides

‎09-25-2013 12:39 PM

Luis,

Thanks for your reply.  According to the link below it looks like this can be done on the ASA 5505, using the "switchport monitor" command, since it has switching capability.  Am I understanding this correctly or is there something Im not understanding?

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/int5505.html#wp1067336

0 Helpful

Luis Silva Benavides
Cisco Employee
Cisco Employee
In response to Garland Moore

‎09-25-2013 12:46 PM

Hmm interesting; after 5 years working with ASAs is the first time I see this feature the ASA 5505 always surprises me.

Your understanding is correct. As long as the packet arrives to the switchport you are monitoring it should appear.

Regards,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card