Cisco ASA LAN subnet IP logs are not showing in Nagios netfl

This support forum board is for support questions relating to Nagios Network Analyzer, our network traffic and bandwidth analysis solution.
dhaeshmb
Posts: 6
Joined: Thu Oct 25, 2018 2:33 am

Cisco ASA LAN subnet IP logs are not showing in Nagios netfl

Post by dhaeshmb »

I am facing an issue with Nagios Network Analyzer. We have the 10.88.0.0 range in the LAN segment, and this IP is NATed on our Cisco ASA firewall (LAN segment to outside interface NAT). We have configured the Cisco ASA firewall in Nagios Network Analyzer NetFlow.

10.88.0.0/16 range IPs are not visible in the NetFlow monitoring logs.

Is there any configuration or update we have to do, or is it common behavior of Nagios Network Analyzer?

Please suggest.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by ssax »

Are you seeing the NATted IP in the flows?
dhaeshmb
Posts: 6
Joined: Thu Oct 25, 2018 2:33 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by dhaeshmb »

We can't see any hits from that IP.
dhaeshmb
Posts: 6
Joined: Thu Oct 25, 2018 2:33 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by dhaeshmb »

Yes, I can see the NATed IP in the destination IP column, and the sources are all public IPs, not our LAN subnet IPs.
dhaeshmb
Posts: 6
Joined: Thu Oct 25, 2018 2:33 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by dhaeshmb »

ssax wrote: Are you seeing the NATted IP in the flows?
Yes, we can see the NATed IP in the destination column, and all the source IPs are public IPs, not our LAN subnets.
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by tgriep »

The Nagios Network Analyzer displays the data it receives but I am guessing that your device is only sending on the NATed data and not the original IP addresses.
If your device supports sending 2 flows at the same time, you could create a separate source on the inside interface and send that to the NNA server and you should see that data on the separate source.
Be sure to check out our Knowledgebase for helpful articles and solutions!
dhaeshmb
Posts: 6
Joined: Thu Oct 25, 2018 2:33 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by dhaeshmb »

tgriep wrote: The Nagios Network Analyzer displays the data it receives but I am guessing that your device is only sending on the NATed data and not the original IP addresses.
If your device supports sending 2 flows at the same time, you could create a separate source on the inside interface and send that to the NNA server and you should see that data on the separate source.
This device is a Cisco ASA, and we are doing the NATing on this device for sending data from inside to outside. The last sentence is not clear. Could you please elaborate on how we can create a separate source?
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by tgriep »

I am guessing that you have set up the ASA to send the flow data statistics for the outside interface of the firewall.
With the IP addresses getting NATed, the flow data probably only has the NATed data.
If you want to view the IP addresses before they are NATed, you can set up the inside interface to send the flow data to the NNA server.

If the ASA supports it, it will be sending the flow statistics for both the inside interface and the outside interface at the same time to the NNA server.
That way you can see the data for the original IP address.

Not all devices support sending 2 sets of flow traffic and you would have to see if it does and see if Cisco has the specs and documentation to do this.
dhaeshmb
Posts: 6
Joined: Thu Oct 25, 2018 2:33 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by dhaeshmb »

tgriep wrote: I am guessing that you have set up the ASA to send the flow data statistics for the outside interface of the firewall.
With the IP addresses getting NATed, the flow data probably only has the NATed data.
If you want to view the IP addresses before they are NATed, you can set up the inside interface to send the flow data to the NNA server.

If the ASA supports it, it will be sending the flow statistics for both the inside interface and the outside interface at the same time to the NNA server.
That way you can see the data for the original IP address.

Not all devices support sending 2 sets of flow traffic and you would have to see if it does and see if Cisco has the specs and documentation to do this.
Could you please provide a little more detail about this line: "you can set up the inside interface to send the flow data to the NNA server"? How do we configure this? Could you please provide documentation?
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Cisco ASA LAN subnet IP logs are not showing in Nagios n

Post by tgriep »

I did a few minutes of research and it looks like the ASAs cannot be configured to have 2 separate flows, so doing that cannot be done.

Your original issue could be a configuration issue, and this link from Cisco has instructions on setting up NetFlow using the ASDM.
https://community.cisco.com/t5/security ... -p/3119466

These are the instructions from Nagios for setting up the device using the CLI.
https://assets.nagios.com/downloads/nag ... alyzer.pdf

Cisco Netflow Guide
https://www.cisco.com/c/en/us/td/docs/s ... tflow.html
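One way to test the hypothesis discussed in this thread (the exporter reports only translated addresses) against flow data exported from the collector. This is an added example, not part of the original thread or any Nagios or Cisco code. The CSV layout, the function name `nat_visibility` and the NAT address 203.0.113.10 are assumptions, and the sample rows are constructed.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Constructed sample export (not real data): one flow per line,
# mirroring what the thread reports: public sources, NAT IP as destination.
SAMPLE_FLOWS = """src,dst,bytes
198.51.100.7,203.0.113.10,4200
198.51.100.9,203.0.113.10,1800
192.0.2.44,203.0.113.10,950
"""


def nat_visibility(flow_csv, lan_cidr, nat_ip):
    """Count flows that show LAN addresses versus only the translated address."""
    lan = ip_network(lan_cidr)
    nat = ip_address(nat_ip)
    counts = {"lan_seen": 0, "nat_only": 0, "unrelated": 0}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if src in lan or dst in lan:
            counts["lan_seen"] += 1      # original (pre-NAT) address is present
        elif nat in (src, dst):
            counts["nat_only"] += 1      # only the translated address is present
        else:
            counts["unrelated"] += 1
    if counts["lan_seen"]:
        verdict = "pre-NAT addresses are being exported"
    elif counts["nat_only"]:
        verdict = "only translated addresses are being exported"
    else:
        verdict = "no traffic for this LAN or NAT address in the sample"
    return counts, verdict


if __name__ == "__main__":
    # 10.88.0.0/16 is the LAN range from the thread; the NAT IP is a placeholder.
    print(nat_visibility(SAMPLE_FLOWS, "10.88.0.0/16", "203.0.113.10"))
```

A result of `nat_only` with zero `lan_seen` over a representative time window matches the symptom described in the thread and points at what the exporter sends rather than at the collector.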