Solved

Cisco ASA Hardware Resource Question for Netflow and Traffic Policing

Posted on 2014-02-12
1
451 Views
Last Modified: 2014-02-18
Hello all,

I would like to leverage and extract more value out of our Cisco ASA.  Specifically with regards to bandwidth management and network monitoring.

I would like to enable Netflow exporting on the ASA to a "Netflow Trap" as well as traffic policing or shaping, the latter of which uses the ASA's RAM for buffering.

Currently our ASA has 256 RAM and can be maxed out at 512MB.  Of the 256 we are using 150MB.  Also, CPU usage is very low, around 15%.

My question is, if I turn on Netflow as well as some form of simple traffic policing or shaping, how much RAM do you think will be used up by doing so?  Just wonder if anyone has had experience with doing these particular things.

thanks for the help.
0
Comment
Question by:CnicNV
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 500 total points
ID: 39854106
You will need to set up SNMP on that ASA, I recommend SNMP v3
sh run snmp-server 

snmp-server location Main-location
snmp-server contact email@email.com


snmp-server group GROUP v3 priv
snmp-server enable traps all

snmp-server user YOUR_USERNAME GROUP v3 auth sha [pasword] priv aes 128 [pasword]

snmp-server host management 10.10.10.22 version 3 YOUR_USERNAME

object-group service GROUP-SNMP udp
 port-object range snmp snmptrap
access-list ACL-SNMP extended permit udp any any object-group GROUP-SNMP


class-map CLASS-SNMP-v3
 match access-list ACL-SNMP

snmp-map MAP-SNMPv3
 deny version 1
 deny version 2c
 deny version 2

policy-map global_policy
 class inspection_default
	class CLASS-SNMP-v3
  inspect snmp MAP-SNMPv3

Open in new window


and set up net flow v9
flow-export destination management 10.10.10.55 1999
flow-export template timeout-rate 1
flow-export delay flow-create 15
 description flow_export_class
  flow-export event-type all destination 10.10.10.55

Open in new window

0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Building small business network 4 105
Setting up a VPN 60 205
Factory Reset of Juniper SSG20 2 40
software inventory tools 3 60
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question