  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4572

Monitoring Traffic on a Cisco ASA5505

Hi,

A client on a site we recently took over has a Cisco ASA5505 as their gateway device. We have been provided with the login & enable passwords. I have some exposure to Cisco OS, but this has been mainly with routers and it's just the basics that I know. (I attended a CCNA course but never actually sat the exam.)

What I want to be able to do is monitor network traffic on the ASA, produce reports that will show me bandwidth usage etc, and preferably do this without spending money on software. I have read articles relating to NetFlow protocol, but from what I can determine the ASA device does not support NetFlow.

Can anybody help me? This is quite urgent
Asked by: darraghcoffey

2 Solutions

JFrederick29 Commented:
Correct, you can't use NetFlow on the ASA, but you can monitor overall bandwidth utilization if you enable SNMP on the ASA and use MRTG or Cacti to monitor the interface usage. You can look into Fireplotter, which will give you detailed information on the connections through the box (similar to NetFlow) but at a cost (trial available, I believe).

darraghcoffey (Author) Commented:
Ok, I'll have a look into this - thanks for pointing me in the right direction. I'll let you know how I get on.

akalbfell Commented:
you can also monitor overall bandwidth just by logging into the ASA via the ASDM.
there are a bunch of graphs you can pull up, below is the interface rate graph...this can show real time, 5, 10, 60 min, 1 day and 5 day intervals
as JFrederick said, if you want to monitor by user you need to use NetFlow on a router
[Attached image: monitor.JPG]
 
darraghcoffey (Author) Commented:
Mmmm

JFrederick29 - I've had a look at Fireplotter & information wise that is exactly what I need. However, I would need some way of storing historical data for a period of time, e.g. 24hrs, and exporting it for analysis.

I haven't looked at Cacti yet

akalbfell: Forgive me if this sounds stupid, but I am relatively new to Cisco. Where would I get this software? Is there a setup guide to get the ASA to work effectively with this software?

JFrederick29 Commented:
Not sure on the historical aspect of Fireplotter but I would assume you can archive the data (I would hope).

Cacti will give you overall bandwidth utilization without the detail per flow. ASDM is bundled with the ASA, you simply need to access it via HTTPS but Cacti will give you better historic trending.

akalbfell Commented:
you should have the ASDM on the firewall already so it should be pretty easy

telnet into the device and give yourself http access using the command below
http x.x.x.x 255.255.255.255 <interface>

where x.x.x.x is your IP and the interface is the name, either outside or inside

the 255.255.255.255 means just the IP you type there can access it, nobody else

now just open up a browser and go to https://<ip of ASA>
you can run the ASDM right from there or download and install it

JFrederick is absolutely correct that the historical reporting when using another system is much better but if you just need to login and look at real time or a few days back it's an easy solution.

akalbfell Commented:
and just to clarify, the ASDM is a graphical interface to manage the ASA. If you are new with the device it's a good place to start rather than jumping right into the CLI...IMO

darraghcoffey (Author) Commented:
Ok, I think we are starting to get somewhere now - many thanks to both of you for your help to date

I had tried to log into the ASA via the https interface before posting

I am being prompted for a user name and password

I wasn't sure if http server was enabled or not so I ran the following commands from the configuration menu
http server enable
http 1.2.3.4 255.255.255.255 inside (where 1.2.3.4 is the server IP I initiate the https session from)

I am still presented with a username and password prompt. I have tried usernames admin, root & manager with both the CLI password and the enable password, but authentication always fails.

I then created a user via CLI, and tried to login via https console using that new user. Authentication seems to be successful when I do this, but I am then presented with a http 404 error page in my browser.

Think we're getting close here - thanks again for all your help


JFrederick29 Commented:
Can you post the following:

show run aaa

Did you use the privilege 15 option on the user you created?

username <user> password <password> privilege 15

The priv 15 is needed for admin access.

darraghcoffey (Author) Commented:
OK,

I hadn't enabled privilege on my new user - I've just done that but it hasn't made a difference - when I try to login via https it seems to authenticate, I then get redirected to https://1.2.3.4/admin/index.html , and then get a http 404 error in my browser.

When I type show run aaa, it just returns to the enable mode menu (routername#)
It seems it's looking for other parameters - accounting, authentication, authorization, mac-exempt, proxy-limit

This is where I get stuck : )

akalbfell Commented:
don't think the ASDM is on there. Can you do the command show disk0: and paste the output here just to confirm

darraghcoffey (Author) Commented:
routername> show disk0:
-#- --length-- -----date/time------ path
  6 8386560    Apr 26 2008 11:38:46 asa723-k8.bin
  7 4181246    Apr 26 2008 11:40:00 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Apr 26 2008 11:40:20 sslclient-win-1.1.0.154.pkg
  9 7295568    Jun 10 2008 08:38:08 asdm-611.bin
 10 0          Apr 26 2008 11:43:16 crypto_archive
 13 14635008   Jun 10 2008 07:46:06 asa803-k8.bin
 14 0          Jun 10 2008 07:48:06 log
 24 5          Jun 10 2008 07:48:26 csco_config/locale/clean.8.0.done
 27 3224       Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/customizat
ion.po
 28 4481       Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/PortForwar
der.po
 29 32846      Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/webvpn.po
 32 2430       Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/customizat
ion.po
 33 4149       Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/PortForwar
der.po
 34 30822      Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/webvpn.po
 36 2864       Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/PortForwarder
.po
 37 18503      Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/webvpn.po
 38 896        Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/banners.po

91942912 bytes available (35168256 bytes used)

routername>

akalbfell Commented:
Can you see if this line is in the config? prob be
asdm image disk0:/asdm-611.bin

if you don't see that enter it then do write mem and reboot the device and give it a try

darraghcoffey (Author) Commented:
The following lines are in the config (it's slightly different to what you posted)
routername# show run
.
.
.
asdm image disk0:/flash@asdm-611.bin
no asdm history enable

.
.
.
.

akalbfell Commented:
not sure if that is right, looks kind of odd to me

get rid of the command you have, put the one I typed and reboot then see if it works

darraghcoffey (Author) Commented:
Hi Guys,

Sorry for the delay in getting back to you.

I've accepted both your solutions, but split points 300/200 because I ended up using Fireplotter as the solution. Fireplotter sent me on the latest version of their software (V2 not V1.4 that was available at the time) and V2 can record historical data.

I believe the asdm command supplied by akalbfell would have worked, but I didn't have the courage to mess with a production device not really knowing what I was doing. ; )
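
The ASDM prerequisites worked through in this thread (HTTP server enabled, a single permitted management host, a privilege 15 user, and an `asdm image` statement that points at a file present in `show disk0:`) can be checked offline against saved CLI output. The script below is an added example, not code from any poster or from Cisco; the sample config and disk listing are constructed from the lines quoted above, and the `netadmin` user, the `outside` entry and the function names are assumptions. The thread never confirmed whether the `flash@` path caused the 404, so the last check only reports that the configured name does not match a listed file.

```python
import re

# Constructed sample input modelled on the commands and listing quoted in the thread.
SAMPLE_CONFIG = """\
http server enable
http 1.2.3.4 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
username netadmin password PLACEHOLDER privilege 15
asdm image disk0:/flash@asdm-611.bin
"""
SAMPLE_DISK = """\
  6 8386560    Apr 26 2008 11:38:46 asa723-k8.bin
  9 7295568    Jun 10 2008 08:38:08 asdm-611.bin
 13 14635008   Jun 10 2008 07:46:06 asa803-k8.bin
"""

def disk_files(listing):
    """Return the paths from 'show disk0:' output (last column of each entry)."""
    pattern = r"^\s*\d+\s+\d+\s+\w{3}\s+\d+\s+\d{4}\s+[\d:]+\s+(\S+)$"
    return {m.group(1) for m in re.finditer(pattern, listing, re.M)}

def audit_asdm(config, listing):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "http server enable" not in lines:
        findings.append("http server is not enabled")
    allowed = [m.groups() for m in
               (re.fullmatch(r"http (\d\S*) (\S+) (\S+)", l) for l in lines) if m]
    if not allowed:
        findings.append("no management host is permitted by an http statement")
    for net, mask, ifname in allowed:
        if mask != "255.255.255.255":  # anything wider than a single host
            findings.append(f"http access on {ifname} is wider than one host: {net} {mask}")
    if not any(re.match(r"username \S+ .*privilege 15$", l) for l in lines):
        findings.append("no local user with privilege 15")
    image = next((l.split(None, 2)[2] for l in lines if l.startswith("asdm image ")), None)
    if image is None:
        findings.append("no asdm image statement")
    elif image.rsplit("/", 1)[-1] not in disk_files(listing):
        findings.append(f"asdm image {image} does not name a file listed on disk0")
    return findings

if __name__ == "__main__":
    for finding in audit_asdm(SAMPLE_CONFIG, SAMPLE_DISK):
        print("CHECK:", finding)
```
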