Solved

Monitoring Traffic on a Cisco ASA5505

Posted on 2009-05-20
Last Modified: 2012-05-07
Hi,

A client on a site we recently took over has a Cisco ASA5505 as their gateway device. We have been provided with the login & enable passwords. I have some exposure to Cisco OS, but this has been mainly with routers and it's just the basics that I know. (I attended a CCNA course but never actually sat the exam.)

What I want to be able to do is monitor network traffic on the ASA, produce reports that will show me bandwidth usage etc, and preferably do this without spending money on software. I have read articles relating to NetFlow protocol, but from what I can determine the ASA device does not support NetFlow.

Can anybody help me? This is quite urgent.
0
Question by:darraghcoffey
16 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 300 total points
ID: 24432768
Correct, you can't use NetFlow on the ASA, but you can monitor overall bandwidth utilization if you enable SNMP on the ASA and use MRTG or Cacti to monitor the interface usage. You can look into Fireplotter, which will give you detailed information on the connections through the box (similar to NetFlow) but at a cost (trial available, I believe).
0
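An added example, not part of the answer above: MRTG and Cacti work out interface usage from successive SNMP readings of the octet counters (ifInOctets/ifOutOctets). The sketch below does that arithmetic, including the 32-bit counter wrap and a counter restart; the readings and the 100 Mbit/s link speed are constructed assumptions, not values from this ASA.

```python
COUNTER32_MOD = 2 ** 32  # ifInOctets/ifOutOctets are 32-bit and wrap to zero

def max_poll_interval(link_bps, modulus=COUNTER32_MOD):
    """Seconds a counter takes to wrap at full line rate; poll faster than this."""
    return modulus * 8 / link_bps

def rates_bps(samples, link_bps, modulus=COUNTER32_MOD):
    """Convert [(unix_time, octet_counter), ...] into [(end_time, bits/s or None)].

    None marks an interval that cannot be trusted: polled too slowly to rule
    out a second wrap, or a counter reset (e.g. a reboot) that shows up as an
    impossible rate above line speed.
    """
    limit = max_poll_interval(link_bps, modulus)
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0 or dt > limit:
            out.append((t1, None))
            continue
        octets = (c1 - c0) % modulus  # modular difference absorbs one wrap
        bps = octets * 8 / dt
        out.append((t1, bps if bps <= link_bps else None))
    return out

# Constructed readings at 5-minute intervals on an assumed 100 Mbit/s interface.
LINK_BPS = 100_000_000
SAMPLES = [
    (0,   4_294_000_000),
    (300,    36_532_704),   # wrapped past 2**32
    (600,   111_532_704),
    (900,         1_000),   # counter restarted from zero
]

if __name__ == "__main__":
    print(f"poll at least every {max_poll_interval(LINK_BPS):.0f} s")
    for when, bps in rates_bps(SAMPLES, LINK_BPS):
        print(when, "unreliable" if bps is None else f"{bps / 1e6:.2f} Mbit/s")
```

At 100 Mbit/s a 32-bit counter can wrap in under six minutes, which is why a five-minute poll is close to the slowest interval that still gives unambiguous figures.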
 

Author Comment

by:darraghcoffey
ID: 24432843
OK, I'll have a look into this - thanks for pointing me in the right direction. I'll let you know how I get on.
0
 
LVL 8

Expert Comment

by:akalbfell
ID: 24433297
You can also monitor overall bandwidth just by logging into the ASA via the ASDM.
There are a bunch of graphs you can pull up; below is the interface rate graph. This can show real time, 5, 10, 60 min, 1 day and 5 day intervals.
As JFrederick said, if you want to monitor by user you need to use NetFlow on a router.
monitor.JPG
0

 

Author Comment

by:darraghcoffey
ID: 24433492
Mmmm

JFrederick29 - I've had a look at Fireplotter & information wise that is exactly what I need. However, I would need some way of storing historical data for a period of time, e.g. 24hrs, and exporting it for analysis.

I haven't looked at Cacti yet.

akalbfell: Forgive me if this sounds stupid, but I am relatively new to Cisco. Where would I get this software? Is there a setup guide to get the ASA to work effectively with this software?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24433533
Not sure on the historical aspect of Fireplotter but I would assume you can archive the data (I would hope).

Cacti will give you overall bandwidth utilization without the detail per flow. ASDM is bundled with the ASA; you simply need to access it via HTTPS, but Cacti will give you better historic trending.
0
 
LVL 8

Assisted Solution

by:akalbfell
akalbfell earned 200 total points
ID: 24433591
You should have the ASDM on the firewall already, so it should be pretty easy.

Telnet into the device and give yourself http access using the command below:
http x.x.x.x 255.255.255.255 <interface>

where x.x.x.x is your IP and the interface is the name, either outside or inside.

The 255.255.255.255 means just the IP you type there can access it, nobody else.

Now just open up a browser and go to https://<ip of ASA>
You can run the ASDM right from there or download and install it.

JFrederick is absolutely correct that the historical reporting when using another system is much better, but if you just need to log in and look at real time or a few days back, it's an easy solution.
0
 
LVL 8

Expert Comment

by:akalbfell
ID: 24433602
And just to clarify, the ASDM is a graphical interface to manage the ASA. If you are new with the device, it's a good place to start rather than jumping right into the CLI...IMO
0
 

Author Comment

by:darraghcoffey
ID: 24433785
OK, I think we are starting to get somewhere now - many thanks to both of you for your help to date.

I had tried to log into the ASA via the https interface before posting.

I am being prompted for a user name and password.

I wasn't sure if http server was enabled or not, so I ran the following commands from the configuration menu:
http server enable
http 1.2.3.4 255.255.255.255 inside (where 1.2.3.4 is the server IP I initiate the https session from)

I am still presented with a username and password prompt. I have tried usernames admin, root & manager with both the CLI password and the enable password, but authentication always fails.

I then created a user via CLI, and tried to log in via the https console using that new user. Authentication seems to be successful when I do this, but I am then presented with an http 404 error page in my browser.

Think we're getting close here - thanks again for all your help

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24433826
Can you post the following:

show run aaa

Did you use the privilege 15 option on the user you created?

username <user> password <password> privilege 15

The priv 15 is needed for admin access.
0
 

Author Comment

by:darraghcoffey
ID: 24434547
OK,

I hadn't enabled privilege on my new user - I've just done that but it hasn't made a difference - when I try to log in via https it seems to authenticate, I then get redirected to https://1.2.3.4/admin/index.html , and then get an http 404 error in my browser.

When I type show run aaa, it just returns to the enable mode menu (routername#).
It seems it's looking for other parameters - accounting, authentication, authorization, mac-exempt, proxy-limit

This is where I get stuck : )
0
 
LVL 8

Expert Comment

by:akalbfell
ID: 24434570
Don't think the ASDM is on there. Can you do the command show disk0: and paste the output here just to confirm?
0
 

Author Comment

by:darraghcoffey
ID: 24434732
routername> show disk0:
-#- --length-- -----date/time------ path
  6 8386560    Apr 26 2008 11:38:46 asa723-k8.bin
  7 4181246    Apr 26 2008 11:40:00 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Apr 26 2008 11:40:20 sslclient-win-1.1.0.154.pkg
  9 7295568    Jun 10 2008 08:38:08 asdm-611.bin
 10 0          Apr 26 2008 11:43:16 crypto_archive
 13 14635008   Jun 10 2008 07:46:06 asa803-k8.bin
 14 0          Jun 10 2008 07:48:06 log
 24 5          Jun 10 2008 07:48:26 csco_config/locale/clean.8.0.done
 27 3224       Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/customization.po
 28 4481       Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/PortForwarder.po
 29 32846      Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/webvpn.po
 32 2430       Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/customization.po
 33 4149       Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/PortForwarder.po
 34 30822      Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/webvpn.po
 36 2864       Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/PortForwarder.po
 37 18503      Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/webvpn.po
 38 896        Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/banners.po

91942912 bytes available (35168256 bytes used)

routername>
0
 
LVL 8

Expert Comment

by:akalbfell
ID: 24434867
Can you see if this line is in the config? prob be
asdm image disk0:/asdm-611.bin

If you don't see that, enter it, then do write mem and reboot the device and give it a try.
0
 

Author Comment

by:darraghcoffey
ID: 24434921
The following lines are in the config (it's slightly different to what you posted):
routername# show run
.
.
.
asdm image disk0:/flash@asdm-611.bin
no asdm history enable

.
.
.
.
0
 
LVL 8

Expert Comment

by:akalbfell
ID: 24434953
Not sure if that is right, looks kind of odd to me.

Get rid of the command you have, put the one I typed and reboot, then see if it works.
0
 

Author Closing Comment

by:darraghcoffey
ID: 31596775
Hi Guys,

Sorry for the delay in getting back to you.

I've accepted both your solutions, but split the points 300/200 because I ended up using Fireplotter as the solution. Fireplotter sent me on the latest version of their software (V2, not V1.4 that was available at the time) and V2 can record historical data.

I believe the asdm command supplied by akalbfell would have worked, but I didn't have the courage to mess with a production device not really knowing what I was doing. ; )
0
