Monitoring Traffic on a Cisco ASA5505

Hi,

A client on a site we recently took over has a Cisco ASA5505 as their gateway device. We have been provided with the login & enable passwords. I have some exposure to Cisco OS, but this has been mainly with routers and its just the basics that I know. (I attended a CCNA course but never actually sat the exam)

What I want to be able to do is monitor network traffic on the ASA, produce reports that will show me bandwidth usage etc, and preferably do this without spending money on software. I have read articles relating to NetFlow protocol, but from what I can determine the ASA device does not support NetFlow.

Can anybody help me? This is quite urgent
darraghcoffeyAsked:
Who is Participating?
 
JFrederick29Connect With a Mentor Commented:
Correct, you can't use Netflow on the ASA but you can monitor overall bandwidth utilization if you enable SNMP on the ASA and use MRTG or Cacti to monitor the interface usage.  You can look into Fireplotter which will give you detailed information on the connections through the box (similar to Netflow) but at a cost (trial available I believe).
0
 
darraghcoffeyAuthor Commented:
Ok, I'll have a look into this - thanks for pointing me in the right direction. I'll let you know how I get on
0
 
akalbfellCommented:
you can also monitor overall bandwidth just by logging into the ASA via the ASDM.
there are a bunch of graphs you can pull up, below is the interface rate graph...this can show real time, 5, 10, 60 min, 1 day and 5 day intervals
as jfrederick said if you want to monitor by user you need to use netflow on a router
monitor.JPG
0
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

 
darraghcoffeyAuthor Commented:
Mmmm

JFrederick29 - I've had a look at Fireplotter & information wise that is exactly what I need. However, I would need some way of storing historical data for a period of time, e.g. 24hrs, and exporting it for analysis.

I haven't looked at Cacti yet

akalbfell: Forgive me if this sounds stupid, but I am a relatively new to Cisco. Where would I get this software? Is there a setup guide to get the ASA to work effectivrly with this software?
0
 
JFrederick29Commented:
Not sure on the historical aspect of Fireplotter but I would assume you can archive the data (I would hope).

Cacti will give you overall bandwidth utilization without the detail per flow.   ASDM is bundled with the ASA, you simply need to access it via HTTPS but Cacti will give you better historic trending.
0
 
akalbfellConnect With a Mentor Commented:
you should have the ASDM on the firewall already so it should be pretty easy

telnet into the device and give yourself http access using the command below
http x.x.x.x 255.255.255.255 <interface>

where x.x.x.x is your IP and the interface is the name, either outside or inside

the 255.255.255.255 means just the IP you type there can access it, nobody else

now just open up a browser and go to https://<ip of ASA>
you can run the ASDM right from there or download and install it

JFrederick is absolutely correct that the historical reporting when using another system is much better but if you just need to login and look at real time or a few days back its an easy solution.
0
 
akalbfellCommented:
and just to clarify, the ASDM is a graphical interface to manage the ASA. If you are new with the device its a good place to start rather than jumping right into the CLI...IMO
0
 
darraghcoffeyAuthor Commented:
Ok, I think we are starting to get somewhere now - many thanks to both of you for your help to date

I had tried to log into the ASA via the https interface before posting

I am being prompted for a user name and password

I wasn't sure if http server was enabled or not so I ran the following commands from the configuration menu
http server enable
http 1.2.3.4 255.255.255.255 inside (where 1.2.3.4 is server ip i initiate the https session from)

i am still presented with a username and password prompt. I have tried usernames admin, root & manager with both the CLI password and the enable password, but authentication always fails

I then created a user via CLI, and tried to login via https console using that new user. Authentication seems to be successful when I do this, but I am then present with a http 404 error page in my browser

Think we're getting close here - thanks again for all your help

0
 
JFrederick29Commented:
Can you post the following:

show run aaa

Did you use the privilege 15 option on the user you created?

username <user> password <password> privilege 15

The priv 15 is needed for admin access.
0
 
darraghcoffeyAuthor Commented:
OK,

I hadn't enabled privilege on my new user - I've just done that but it hasn't made a difference - when I try to login via https it seems to auhenticate, I then get redirected to https://1.2.3.4/admin/index.html , and then get a http 404 error in my browser

When I type show run aaa, it just returns to the enable mode menu (routername#)
It seems its looking for other parameters - accounting, authentication, authorization, mac-exempt, proxy-limit

This is where I get stuck : )
0
 
akalbfellCommented:
dont think the ASDM is on there. Can you do the command show disk0: and paste the output here just to confirm
0
 
darraghcoffeyAuthor Commented:
routername> show disk0:
-#- --length-- -----date/time------ path
  6 8386560    Apr 26 2008 11:38:46 asa723-k8.bin
  7 4181246    Apr 26 2008 11:40:00 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Apr 26 2008 11:40:20 sslclient-win-1.1.0.154.pkg
  9 7295568    Jun 10 2008 08:38:08 asdm-611.bin
 10 0          Apr 26 2008 11:43:16 crypto_archive
 13 14635008   Jun 10 2008 07:46:06 asa803-k8.bin
 14 0          Jun 10 2008 07:48:06 log
 24 5          Jun 10 2008 07:48:26 csco_config/locale/clean.8.0.done
 27 3224       Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/customizat
ion.po
 28 4481       Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/PortForwar
der.po
 29 32846      Jun 10 2008 07:48:26 csco_config/locale/ja/LC_MESSAGES/webvpn.po
 32 2430       Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/customizat
ion.po
 33 4149       Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/PortForwar
der.po
 34 30822      Jun 10 2008 07:48:26 csco_config/locale/fr/LC_MESSAGES/webvpn.po
 36 2864       Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/PortForwarder
.po
 37 18503      Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/webvpn.po
 38 896        Jun 16 2008 05:54:24 csco_config/locale/LC_MESSAGES/banners.po

91942912 bytes available (35168256 bytes used)

routername>
0
 
akalbfellCommented:
Can you see if this line is in the config? prob be
asdm image disk0:/asdm-611.bin

if you dont see that enter it then do write mem and reboo the device and give it a try
0
 
darraghcoffeyAuthor Commented:
The following lines are in the config (its slightly different to what you posted)
routername# show run
.
.
.
asdm image disk0:/flash@asdm-611.bin
no asdm history enable

.
.
.
.
0
 
akalbfellCommented:
not sure if that is right, looks kind of odd to me

get rid of the command you have, put the one i typed and reboot then see if it works
0
 
darraghcoffeyAuthor Commented:
Hi Guys,

Sorry for the delay in getting back to you.

I've accepted both your solutions, but but split point 300/200 because I ended up using Fireplotter as the solution. Fireplotter sent me on the latest version of their software (V2 not V1.4 that was available  at the time) and V2 can record historical data.

I believe the asdm command supplied by akalbfell would have worked, but I didn't have the courage to mess with a production device not really knowing what I was doing. ; )
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.