Blog :: Network Operations :: Security Operations

Cisco ASA NetFlow and VPN Support

I run into a lot of unique hardware working in technical support; as a result I want to write about Cisco ASA NetFlow and VPN support. Recently, I have received questions from customers wanting to monitor their VPN traffic using NetFlow. This blog will briefly cover what VPN is, and how I used our network traffic monitor for Cisco ASA VPN reporting.

What is a VPN?

First, I would like to do is address “What is a VPN”. A VPN (Virtual Private Network) is an extension of a private network that uses different types of encryption so remote users can log into a private network safely and securely over the internet and still have access to all of the resources that they would have if they were connected locally. The biggest issue we hear from customers is not being able to monitor what those hosts are doing and when I show them how to see this information they are blown away.

Monitoring VPN traffic with NetFlow

Below, I have attached a report that I ran a few nights ago on our VPN traffic here. As you can see, I did some Cisco ASA Reporting on our VPN’s but the principles are still the same for any VPN exporting NetFlow or any other flow technology. In this report I added filters for the ports associated with VPN’s\encrypted traffic as well as filtered on UDP traffic only. What we are left with, is a list of our VPN users from Maine, Turkey, Florida and New Hampshire. As you can probably imagine, being able to quickly have access to this information on your network can be very helpful in troubleshooting why the network is slow and network threat detection associated with your VPN traffic.

Juniper SA4500 NetFlow

In the report above, our network analyzer provides amazing information for monitoring traffic on your VPN’s, by simply filtering traffic on Port/Protocol you are now able to drill down on specific users and find out exactly what everyone is up to on your network, True 100% network visibility.

If you need any help configuring your Cisco ASA VPN’s or have any questions on how to report on them feel free to contact us.