I have a Cisco ASA 5505 setup with CLI and ASDM access. The unit is configured with a DMZ, an outside interface, and an inside interface. The LAN is mostly flat, with a single inside route to a separate segment that is isolated for security reasons. There are (2) IPSec VPNs terminating on this edge device (Cisco ASA 5505).
In front of the ASA is a Cisco 1800 router that routes a /28 subnet down from our ISP. We own the Cisco 1800 as well as the Cisco ASA.
We are seeing sporadic utilization spikes that I need to track down, and I can't seem to figure out the best way to do this. What I need to know is WHICH inside hosts this traffic is going to, and WHICH outside hosts are causing it. We can't tell if the VPN is causing the traffic spike, or if it's one of the inside web hosts, etc. The only thing I CAN tell is that it is NOT the DMZ hosts causing the issue.
If anyone has any advice, I would appreciate it.