I am facing an issue with Nagios Network Analyzer. We have the 10.88.0.0 range in the LAN segment, and this IP is NATed on our Cisco ASA firewall (LAN segment to outside interface NAT). We have configured the Cisco ASA firewall in Nagios Network Analyzer NetFlow.
The 10.88.0.0/16 range IPs are not visible in the NetFlow monitoring logs.
Is there any configuration or update we have to do, or is it common behavior of Nagios Network Analyzer?
Please suggest.
Cisco ASA LAN subnet IP logs are not showing in Nagios netfl
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
Are you seeing the NATted IP in the flows?
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
We can't see any hits from that IP.
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
Yeah, I can see the NATed IP in the destination IP column, and the sources are all public IPs, not our LAN subnet IPs.
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
Yeah, we can see the NATed IP in the destination column, and all the source IPs are public IPs, not our LAN subnets.
ssax wrote: Are you seeing the NATted IP in the flows?
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
The Nagios Network Analyzer displays the data it receives but I am guessing that your device is only sending on the NATed data and not the original IP addresses.
If your device supports sending 2 flows at the same time, you could create a separate source on the inside interface and send that to the NNA server and you should see that data on the separate source.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
This device is a Cisco ASA, and we are doing the NATing on this device for sending data from inside to outside. The last sentence is not clear. Could you please elaborate on how we can create a separate source?
tgriep wrote: The Nagios Network Analyzer displays the data it receives but I am guessing that your device is only sending on the NATed data and not the original IP addresses.
If your device supports sending 2 flows at the same time, you could create a separate source on the inside interface and send that to the NNA server and you should see that data on the separate source.
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
I am guessing that you have set up the ASA to send the flow data statistics for the outside interface of the firewall.
With the IP addresses getting NATed, the flow data probably only has the NATed data.
If you want to view the IP addresses before they are NATed, you can set up the inside interface to send the flow data to the NNA server.
If the ASA supports it, it will be sending the flow statistics for both the inside interface and the outside interface at the same time to the NNA server.
That way you can see the data for the original IP address.
Not all devices support sending 2 sets of flow traffic, and you would have to see if it does and see if Cisco has the specs and documentation to do this.
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
Could you please provide a little more detail about this line: "you can setup the inside interface to send the flow data to the NNA server." How do we configure this? Could you please provide any documentation?
tgriep wrote: I am guessing that you have set up the ASA to send the flow data statistics for the outside interface of the firewall.
With the IP addresses getting NATed, the flow data probably only has the NATed data.
If you want to view the IP addresses before they are NATed, you can set up the inside interface to send the flow data to the NNA server.
If the ASA supports it, it will be sending the flow statistics for both the inside interface and the outside interface at the same time to the NNA server.
That way you can see the data for the original IP address.
Not all devices support sending 2 sets of flow traffic, and you would have to see if it does and see if Cisco has the specs and documentation to do this.
Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n
I did a few minutes of research and it looks like ASAs cannot be configured to have 2 separate flows, so that cannot be done.
Your original issue could be a configuration issue, and this link from Cisco has instructions on setting up NetFlow using the ASDM.
https://community.cisco.com/t5/security ... -p/3119466
These are the instructions from Nagios for setting up the device using the CLI.
https://assets.nagios.com/downloads/nag ... alyzer.pdf
Cisco Netflow Guide
https://www.cisco.com/c/en/us/td/docs/s ... tflow.html
Be sure to check out our Knowledgebase for helpful articles and solutions!
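
The thread's diagnosis (a flow source that only ever reports the NATed address and never an address from 10.88.0.0/16) can be checked against exported flow records. The following is an added example, not code from the thread or from Nagios; the record layout, the source names and the NAT address 203.0.113.10 are constructed placeholders.

```python
import ipaddress
from collections import Counter

INSIDE_NET = ipaddress.ip_network("10.88.0.0/16")  # LAN range from the thread
NAT_ADDR = ipaddress.ip_address("203.0.113.10")    # placeholder NAT address (assumption)

# Constructed sample records: (flow source name, src IP, dst IP).
# "asa-outside" and "lan-router" are hypothetical source names.
SAMPLE_FLOWS = [
    ("asa-outside", "198.51.100.7", "203.0.113.10"),
    ("asa-outside", "198.51.100.9", "203.0.113.10"),
    ("asa-outside", "203.0.113.10", "198.51.100.7"),
    ("lan-router", "10.88.4.20", "198.51.100.7"),
    ("lan-router", "10.88.4.21", "10.88.9.5"),
    ("lan-router", "not-an-ip", "10.88.9.5"),
]

def classify(src, dst):
    """Label one record by which side of the NAT its addresses come from."""
    try:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return "invalid"
    if s in INSIDE_NET or d in INSIDE_NET:
        return "pre_nat"   # an original LAN address is visible
    if NAT_ADDR in (s, d):
        return "post_nat"  # only the translated address is visible
    return "other"

def visibility_by_source(flows):
    """Count record classes per flow source."""
    report = {}
    for source, src, dst in flows:
        report.setdefault(source, Counter())[classify(src, dst)] += 1
    return report

def blind_sources(flows):
    """Sources that report NATed traffic but never an inside address."""
    return sorted(
        name for name, counts in visibility_by_source(flows).items()
        if counts["post_nat"] and not counts["pre_nat"]
    )

if __name__ == "__main__":
    for name, counts in visibility_by_source(SAMPLE_FLOWS).items():
        print(name, dict(counts))
    print("no pre-NAT visibility:", blind_sources(SAMPLE_FLOWS))
```

A source listed by `blind_sources` matches the symptom in the original post: per-host attribution inside the LAN range is not available from that source's flow data.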