Cisco VPN :: ASA 5520 - Monitoring SSL Connections
Sep 12, 2012
On the ASA5520 we would like to create a report that gives us trending over 6 months for the amount of people logged in via the SSL VPN and for how long. Is there a way to do this on the ASA5520? Does it have this ability? Could I do this in SolarWinds? My boss mentioned a software package that Cisco has that will show a history - is this correct?
Apr 14, 2012
I am using ASA 5520 and ASA 5540 for remote access VPN connections. Is it possible to do active monitoring of my VPN connections so that there would be alerts for VPN tunnels that fail to establish due to reasons other than user authentication?
Sep 8, 2011
We have a Cisco ASA 5520 supporting multiple VPNs - both remote-access and Lan-to-Lan. We would like to monitor the bandwidth utilization of the IPSec Lan-to-Lan tunnels.
Sep 20, 2011
I have an ASA 5520 running, user web traffic, incoming VPN and systems NAT for DMZ services. Nothing new for a standard firewall. I have upgraded the memory in it to 2GB, per Cisco so that I could install and run IOS 8.41. I have uploaded both the IOS bn image and the ASDM 645 image and set it as the primary boot file. When I reload the ASA, everything boots fine, no errors and all traffic appears to be working fine. But here is my problem: ALL the previously configured VPN sessions will connect to the ASA and show that they are passing traffic (TX and RX increments through the monitor) but if I try to access a device on the other side of the VPN or they try to access services in the corporate network, the connection fails. Ping works, so I know I can reach the devices and the tunnel has been correctly created, but nothing else. I did not change anything in the configurations for the VPN connectors. But, if I reload the ASA with the 8.21 version image, everything works just as before and all connections are good.
Apr 25, 2012
Currently we are using a single connection to our ISP and in the coming months will be moving to two separate connections (to same ISP). In our current setup we utilize active/passive ASAs (5520, single context) and would like to utilize that going forward as well, the reason being is our DMZs all hang off of these ASAs and we have fiber connectivity between our datacenters. Our main datacenter and DR Datacenter are basically one big LAN with fiber between them, so we have our DMZ networks at both locations currently with both terminating in our ASAs. That way if the ASA at our current site fails the DMZs are still accessible via the secondary firewall at our DR facility.
Jan 13, 2012
I have a remote office that currently connects back to a Central data center via Site to Site VPN. I am bringing up a 2nd internet connection as a fall back in the Remote Office. How do I configure the Site to Site VPN to work correctly so that if the primary internet connection goes down, the site fails over to the secondary? On Remote the internet connections are from different providers so they have completely different blocks of public IPs.
Central
ASA 5520 8.0(4)
Gig 0/0 Public IP
Remote
ASA 5520 8.4(1)
Gig 0/0 Public IP
Gig 0/3 Public IP (2nd internet)
Jun 5, 2013
how many active TCP sessions my ASA has but having a hard time finding this information. When I do "show conn count" from the CLI it shows what I'm guessing is a sum of both TCP and UDP. Is there any way to get just the TCP connections?
Jan 16, 2012
I have one ASA5520 with version 8.4(3), and a few ACL rules defined. One ACL is permit traffic from one interface (EXT_SERVICE) to another interface (DMZ_SERVICE). If I change that rule to deny traffic, all new connections that match the rule are denied, but not the established connections. Why can the established connections pass the deny rule? How can I change that? I need to create an ACL with deny type and stop all communications that are running and match the deny rule.
Running-config of my ASA5520:
ciscoasa# show run
: Saved
:
ASA Version 8.4(3)
!
hostname ciscoasa
enable password 8ay2wjIyt7RRXU24 encrypted
passwd 2wFQnbNIdI.2KYtU encrypted
names
!
interface GigabitEthernet0/0
[Code] ........
Oct 10, 2012
I have the ASA5520, every day I have a lot of connections through my ASA5520. But the buffer in the ASA5520 to save connections is limited. Now, I want my ASA to auto-save the conn detail and xlate to my syslog server. How can I do that?
May 25, 2011
I currently have the default inspection engine configured in my firewall to inspect HTTP traffic. I noticed that the ASA will drop packets when visiting legitimate websites. I've tried googling for a workaround but have been unsuccessful. How can I exclude some websites or IPs from being affected by the inspection engine?
May 12, 2013
I have installed DCNM 6.2(1) on Red Hat 5.5 64-bit and installed 4 evaluation (advanced) licenses on the DCNM server:
DCNM-LAN-N3K-K9-EVAL
DCNM-LAN-N5K-K9-EVAL
DCNM-SAN-N5K-K9-EVAL
DCNM-SAN-M91-K9-EVAL
Licenses are activated on a total of 31 devices (Nexus 5000 and 3000 series), data is being monitored, graphics are drawn. However under the Web user interface of DCNM, under Health, Virtual Port Channels (vPC) no data is shown. Performance, vPC is also empty. No vPC errors/notifications are displayed. The installed advanced-eval licenses should support all the bells and whistles (including vPC), but still no monitoring is done about vPCs. vPCs are up and active. Network is discovered and monitored via SNMP v2c only. Could this be limiting vPC discovery, needing SNMPv3/SSH access?
Apr 11, 2011
Is there a way in LMS 4.0 to generate a notification when a VPN tunnel drops on an ASA 5500?
Oct 26, 2011
We are running LMS 3.2 with IPM 4.2 installed, and we are looking to do IPSLA monitoring on a couple of our Cisco ASRs with IOS-XE code installed.
I looked at the IPSLA feature mapping and it only talks about supported IOS code. Do we need to upgrade our current IPM module to a current version?
Sep 17, 2012
if there is a MIB for monitoring temperature on a Cisco 800?
May 12, 2011
Does anyone know why the ASA will monitor physical interfaces by default, but monitoring of logical interfaces is disabled by default? Or better yet, is anybody doing a monitor-interface for a subint without issue? I'd imagine it isn't enabled by default for a reason.
Feb 7, 2010
I have a question regarding netflow and NAT. I have read some documentation (on ASR1000) regarding monitoring NAT process on Cisco ASR1000 that can be done using netflow version 9 (the term was called netflow event logging a.k.a NEL). The problem is, I have not found the netflow collector that can do that. I have queried several software such as manage engine "Netflow Analyzer" and Lancope, but they said their software can not do that.
Feb 9, 2012
I am trying to set up VPN monitoring for a Cisco srp527w. This is my first attempt at this so "easy to understand" instructions would be great. I have done some searching and it's difficult to decipher relevant and irrelevant information based on my limited exposure to this technology.
Jul 8, 2012
VPN Tunnels Monitoring on ASA5510 with IOS 7.0 (Monitoring through Nagios Server). I want to use Nagios to monitor each of the S2S tunnels built on ASA 5510. I can use ICMP on Nagios by adding the Nagios host in the IPsec network of each tunnel, but in that case the change needs to be done at the other end of the tunnel as well.
Jan 16, 2012
I am proposing the Cisco Prime LMS 4.1 (i.e LMS-4.1-500-K9); Do I need to add the HUM license for monitoring or does that come inbuilt?
Nov 7, 2010
We have around 20 VPN tunnels via Cisco Router 2821 (Intranet) and around 30 VPN tunnels via Cisco ASA (Internet) with 3rd Parties/Vendors. I want to know if there are any monitoring tools from Cisco or any other providers that can give me information/trend reports about VPN tunnel Up/Down time, Volumes of Traffic, Protocols etc.
Sep 25, 2011
Is there a way I can generate bandwidth reports on Cisco PIX 535?
May 11, 2011
We are looking forward to monitoring the CPU, environment variables and the memory of a wireless LAN controller via SNMP, but we are not able to find in the MIBs the right OID to manage this. Can the exact OID be given in order to monitor these three elements on a Cisco WLC 5500 series?
Jun 26, 2011
How to configure SLA monitoring in 3560 switch. I have 2 DSL links terminating in switch and want to do WAN failover. I know how to do in ASA and router. I found IP SLA and track commands on switch but don't know exactly how to use them.
Oct 28, 2012
Have a problem coming my way with regards to monitoring 3G data usage on an 887 router. The router will carry two links - x1 primary over the serial port and x1 secondary failover link utilizing 3G.
The 3G SIM has an allowance of 1Gb per month (traffic has been baselined and this seems sufficient - not by me though). I have a requirement to monitor the 3G link and trigger an alert at say the 60% mark (600Mb). Whatever mechanism is used to count the data also has to reset to 0 at the beginning of every month as data stats will be included in monthly reports.
Second conundrum, I also have to somehow split out the data usage stats to show my customer's usage as well as my own. My own being management traffic (mainly SNMP and ICMP) and present this in the monthly report.
#1 - Does the 887 have some form of 3G accounting capability either via GUI or CLI that can fulfil my requirements above?
#2 - With splitting the data usage stats, could this be achieved using NetFlow and if it was possible, could I only have my flows sent down the Primary link (obviously only when it is active) and if the box fails to 3G have NetFlow just count the data until the Primary kicks in again. If no built-in features can give me what I want I may go down the EEM scripting route but this is a last resort.
Sep 17, 2012
On LMS 3.2 there was a way to disable the monitoring of Device Interfaces. Examples are ISDN30 Channels, which go up and down during calls. I could disable the channel monitor on the relevant device and only monitor the Circuit as this is the main device to monitor. I cannot find the same option in 4.2.2.
Dec 20, 2011
How to configure IP SLA monitoring on ASA ver 7.0 (6)?
Dec 14, 2011
How to confirm the PAT limit on the ACE-20s. I initially read it as 1 million (the NAT limit), however I have since read that for PAT, it's 4 million as it uses the connection record information and not xlate.
I've always wondered why the xlate line under 'show resource usage' is zero. If PAT does use the connection record then this would explain why, however it's confusing as when running a 'show xlate' command you do see all the current PAT entries.
Jul 18, 2011
LMS is not reporting on all of my interfaces, utilization in particular. As an example, I have 1 location that is connected via DMVPN tunnels, when I run a utilization report, it only comes back with information for 1 interface, a random interface, port FA 1/7 on the switch module. If it was all of the switchports it might make more sense.
In DFM device detail the interfaces are being managed.
In the Link Utilization Poller, only 1 interface is listed (FA 1/7).
Apr 3, 2012
We're currently running on ACS 5.2.0.26.9 with 2 appliances (one primary and one secondary). Today, I wanted to get some reports from the Monitoring and Reports tool. At the beginning, it seemed impossible to generate them. Later, I decided to reload first primary and then secondary. As soon as I'd done it, I got an email alert telling me that it failed parsing NAD.
Cisco Secure ACS - Alarm Notification
Severity: Critical
Alarm Name
System Alarm [Collector]
Cause/Trigger
[code]....
I can't really find where the Collector log is... Anyway, now when I generate a 30 days report, I only get data up to 23.03.2012. Nothing recent!
Jan 17, 2012
We've had problems with our internet router losing connection to the internet. All traffic stops, a reboot resolves the problem. The router only has a public IP and it's connected through a dummy switch to the ASA as shown. I want to be able to monitor NetFlow or something and wondered if I could add a static route to the 10.x.x.x network and then add the NetFlow commands. Here is kind of how it looks, I simplified it some by removing unnecessary devices.
Feb 21, 2012
I live in a shared flat, and all 20 rooms are connected to this switch, I believe. Is there any method to prevent the landlord/tech guy monitoring our internet activity (e.g. bandwidth activity, websites we looked at, etc.)?
Jan 19, 2013
I need a network diagram for 50 PCs with network monitoring.
Aug 5, 2012
I have a question about protecting my network. My parents have rented out my room, since I'm going to college, and I was wondering if there was a way to monitor the traffic that is going on in my network. Once the guy moved in, the wireless connection speed drastically decreased. I was barely able to surf the internet on my laptop. I currently have about 8 devices connected to my network. I am running a wired connection for my desktop so I don't feel any lag, but everything else runs on wifi.