• Status: Solved

View usage Traffic in Cisco ASA

Dear All,
I have a corporate DSL connection 1.5Mbps connecting to my Cisco ASA and then to my core switch and access switch in my office. For the last 2 days, my internet is showing FULL traffic throughout the working hours. I want to know which IP is causing the traffic. On the home page of my Cisco ASA 7.1 I can see under 'Interface Status' the interface titled 'Outside' is taking almost 1.7Mbps. I want to know which local IP of mine is causing this traffic. Any solution on how to see this? I can see the traffic usage graph in the home page under 'Outside' Interface traffic usage but cannot see any details there. Can anyone help me please?
kelpere
 
harbor235 Commented:

First, are you aware of the recent Cisco advisory that recommended ASA code be upgraded based upon security vulnerabilities?

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml

You can use Wireshark on the end system to sniff the traffic.

On the ASA you can use the capture command:

http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_the_PIX_/_ASA_packet_capture_feature

harbor235 ;}
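
An added example (not part of the original thread): once traffic taken with the ASA capture command or with Wireshark has been saved in pcap format, this Python script totals IPv4 bytes per local address to show which host dominates the link. The `192.168.1.0/24` LAN range, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

def top_talkers(pcap_bytes, local_net="192.168.1.0/24"):  # local_net: assumed LAN
    """Return [(local_ip, ipv4_bytes), ...] for hosts in local_net, busiest first."""
    net = ipaddress.ip_network(local_net)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    usage, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20); skip ARP, IPv6, VLAN-tagged
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        # Use the IP total-length field so a truncated capture still counts full size
        total_len = struct.unpack("!H", frame[16:18])[0]
        for raw in (frame[26:30], frame[30:34]):  # source, destination
            host = ipaddress.ip_address(raw)
            if host in net:
                usage[str(host)] += total_len
    return usage.most_common()

def build_sample_pcap(flows):
    """Constructed test data: one headers-only frame per (src, dst, ip_len)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, ip_len in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), 14 + ip_len) + frame
    return out

if __name__ == "__main__":
    sample = build_sample_pcap([("192.168.1.10", "203.0.113.5", 1500),
                                ("203.0.113.5", "192.168.1.10", 1200),
                                ("192.168.1.20", "198.51.100.7", 400)])
    for ip, nbytes in top_talkers(sample):
        print(f"{ip:15} {nbytes} bytes")
```

Each packet is credited to whichever endpoint lies inside the local range, so download-heavy and upload-heavy hosts both surface.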
 
kelpere (Author) Commented:
I am unable to do an upgrade as of now. I will try the capture command and will post the results. My ASA version is now ASA 5520 7.1 and ASDM I am using is 5.1
 
kelpere (Author) Commented:
Guys... is there an option to run an "ip accounting" command on my ASA 5520 to accomplish what I am looking for? Capture command is not what I am looking for.
harbor235 Commented:

What are you looking for?

harbor235 ;}
 
kelpere (Author) Commented:
On my ASA Outside interface, I want to know which local IP address is causing me the maximum traffic. On my internet router's (Cisco SOHO97) ethernet interface, I went to the exec mode and ran a 'sh IP accounting' command. But I can't do it on my ASA as IP Accounting command is not recognised there. Is there any workaround?
 
harbor235 Commented:

Typically other devices in your network provide you this information; the firewall typically inspects all traffic and implements a security policy. However, there is NetFlow Secure Event Logging, which uses NetFlow templates. NSEL is a security logging mechanism that is built on NetFlow Version 9 technology.

http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/monitor.html#wp1109506

harbor235 ;}
 
kelpere (Author) Commented:
I had to purchase a third party solution and got what I'm looking for. Thanks for the support.
 
jakemichaelwilson Commented:
Scrutinizer is free and it supports NetFlow from the Cisco ASA Firewall:
http://www.plixer.com/products/netflow-sflow/free-netflow-scrutinizer.php

Here is how to configure it:
http://www.plixer.com/blog/netflow/netflow-security-event-logging-with-the-cisco-asa/ 

Mike