What is generating traffic? 1

[disturbedone]

I have 2 redundant Cisco ASA5520s connected to a 10Mbps Internet connection. The device dashboard shows the 'outside' interface at around 9.5Mbps input consistently and users are complaining of slow Internet (surprise, surprise!).

Some things to note:
* We've just handed out ~200 iPads to students so they'll be giving the Internet a flogging
* We're moving from a 10Mbps to 1Gbps Internet connection in 1-2wks

The 2 scenarios for the situation are:
* There is just a lot of general traffic from staff/students especially considering the rollout of iPads
* There is a device that's downloading a lot (torrents, virus etc)

Is there a way to find out if there's a specific IP that's causing this traffic?

 

[ADB100]

From the ASA ASDM GUI (assuming you have more than just an implicit permit) you should be able to see hits in the Access Rules page. If it is open then as long as you have software 8.2(1) or later then you can enable NetFlow and set up a collector to show you the traffic flows.

https://supportforums.cisco.com/docs/DOC-6113

I use ManageEngine NetFlow Analyser which is free for 30-days and after that is free if you only want to monitor two interfaces - if all you have on the ASA is an Inside and an Outside then thats all you need. Otherwise there is a cost involved.
There is an online demo of this here:

http://demo.netflowanalyzer.com/netflow/jspui/NetworkSnapShot.jsp

Andy