Solved

Cisco ASA - View real-time incoming connections using ASDM

Posted on 2015-01-15
6
666 Views
Last Modified: 2015-01-28
Using the ASDM real time log viewer, all I see are outbound connections.  Is there anyway to view incoming connections?

I have an internal website using an ACL and NAT.  Logging is enabled for that ACL and I can see Hits on the counter.  If I right click on that ACL and select show log, there is nothing there.  I also tried setting logging on that ACL to debugging and still nothing.  

When looking at the Real-Time Log Viewer all I see are outgoing connections, showing our inside IPs for source and internet IPs for destinations.

Thanks
0
Comment
Question by:arad1
  • 3
  • 2
6 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40553196
for real time logging, also need to consider the type of logging set and likely you need a more verbose one like debugging instead of default information only.
 https://supportforums.cisco.com/discussion/11222801/asdm-logging-does-not-appear-correctly

 However, do note even in debugging level, the syslogs do not show individual packets, which is why the above offline or the CLI approach is alternative suggestion. You can do a packet capture on the interface and offline check but it is not real time then. Regardless, you can view the captures from CLI using the "sh capture"or use other s/w like Wireshark to view the export capture (pcap) packets. See below for more info on the steps
 http://www.tunnelsup.com/packet-captures-on-cisco-asa
 https://supportforums.cisco.com/document/6971/packet-capture-asapix-fwsm
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40565187
You could also use a Syslog server to capture all that information and view it with all sorts of filters to get granular reporting. There's a whole bunch of free tools - Kiwi, PRTG, etc. We're using AccelOps and we think it's great.
0
 

Assisted Solution

by:arad1
arad1 earned 0 total points
ID: 40566852
So I guess at this time it can't be done.  Closest I can get it using the packet capture wizard and at the end just keep hitting get capture buffer.  Thanks btan for the links provided.  Your last one looks to be 6 years old and images don't show.  Below is a more concurrent one for anyone else looking.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

I'm not sure how to close or mark a question answered that didn't really get what I was looking for.

Thanks
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 62

Expert Comment

by:btan
ID: 40567574
thanks for sharing, the pcap capture is still the safe bet and not real time. in fact, most are doing that for in depth analysis offline. Similar to this post which means long time it has exist and till now not much diff ..
http://ipfield.net/2013/06/asa-packet-capture-using-cli-and-asdm-config-example/

Another area that I was thinking s netflow but then it is not real time too..
0
 

Author Closing Comment

by:arad1
ID: 40574819
Included my own post since I provided a more up to date link.
0
 
LVL 62

Expert Comment

by:btan
ID: 40574867
thanks for sharing
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question