Cisco Cisco ASA 5550 Adaptive Security Appliance Manual Técnica
Configuring Netflow
At times, you can need to quickly identify and traceback network traffic, especially during incident response or poor network performance.
NetFlow can provide visibility into all traffic on the network. Additionally, NetFlow can be implemented with collectors that can provide long-
term trending and automated analysis.
NetFlow can provide visibility into all traffic on the network. Additionally, NetFlow can be implemented with collectors that can provide long-
term trending and automated analysis.
The Cisco ASA supports NetFlow Version 9 services. The ASA and ASASM implementations of NSEL provide a stateful, IP flow tracking
method that exports only those records that indicate significant events in a flow. In stateful flow tracking, tracked flows go through a series of
state changes. NSEL events are used to export data about flow status and are triggered by the event that caused the state change.
method that exports only those records that indicate significant events in a flow. In stateful flow tracking, tracked flows go through a series of
state changes. NSEL events are used to export data about flow status and are triggered by the event that caused the state change.
Please refer Cisco ASA NetFlow Implementation Guide for more information of Netflow on ASA:
Securing config
Image verification on ASA
Starting from 9.1(2) and 8.4(4.1), Support for SHA-512 image integrity checking was added. To verify the checksum of a file, use the verify
command in privileged EXEC mode.
command in privileged EXEC mode.
Calculates and displays the MD5 value for the specified software image. Compare this value with the value available on Cisco.com for this
image.
image.
verify [ /md5 path ] [ md5-value ]
Passwords in the config
All the passwords and the Keys are either encrypted or obfuscated . The "show running-config" does not reveal the actual passwords.
Such a backup cannot be used for backup/restore on ASA. The backup which is taken for restore purposes whould be performed using the
command "more system:running-config".The ASA config passwords can be encrypted using a master pass phrase. Please refer Password
Encryption for detailed information.
command "more system:running-config".The ASA config passwords can be encrypted using a master pass phrase. Please refer Password
Encryption for detailed information.
Service password recovery
Disabling this will disable password recovery mechanism and disable access to ROMMON. The only means of recovering from lost or forgotten
passwords will be for ROMMON to erase all file systems including configuration files and images. You should make a backup of your
configuration and have a mechanism to restore images from the ROMMON command line.
passwords will be for ROMMON to erase all file systems including configuration files and images. You should make a backup of your
configuration and have a mechanism to restore images from the ROMMON command line.
Verify
Troubleshoot
There is no troubleshooting section for this document.
Updated: Sep 14, 2015
Document ID: 200150