Improve company productivity with a Business Account.Sign Up

x
?
Solved

Cisco ASA Hardware Resource Question for Netflow and Traffic Policing

Posted on 2014-02-12
1
Medium Priority
?
468 Views
Last Modified: 2014-02-18
Hello all,

I would like to leverage and extract more value out of our Cisco ASA.  Specifically with regards to bandwidth management and network monitoring.

I would like to enable Netflow exporting on the ASA to a "Netflow Trap" as well as traffic policing or shaping, the latter of which uses the ASA's RAM for buffering.

Currently our ASA has 256 RAM and can be maxed out at 512MB.  Of the 256 we are using 150MB.  Also, CPU usage is very low, around 15%.

My question is, if I turn on Netflow as well as some form of simple traffic policing or shaping, how much RAM do you think will be used up by doing so?  Just wonder if anyone has had experience with doing these particular things.

thanks for the help.
0
Comment
Question by:CnicNV
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 1500 total points
ID: 39854106
You will need to set up SNMP on that ASA, I recommend SNMP v3
sh run snmp-server 

snmp-server location Main-location
snmp-server contact email@email.com


snmp-server group GROUP v3 priv
snmp-server enable traps all

snmp-server user YOUR_USERNAME GROUP v3 auth sha [pasword] priv aes 128 [pasword]

snmp-server host management 10.10.10.22 version 3 YOUR_USERNAME

object-group service GROUP-SNMP udp
 port-object range snmp snmptrap
access-list ACL-SNMP extended permit udp any any object-group GROUP-SNMP


class-map CLASS-SNMP-v3
 match access-list ACL-SNMP

snmp-map MAP-SNMPv3
 deny version 1
 deny version 2c
 deny version 2

policy-map global_policy
 class inspection_default
	class CLASS-SNMP-v3
  inspect snmp MAP-SNMPv3

Open in new window


and set up net flow v9
flow-export destination management 10.10.10.55 1999
flow-export template timeout-rate 1
flow-export delay flow-create 15
 description flow_export_class
  flow-export event-type all destination 10.10.10.55

Open in new window

0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question