Calculate Total data U/L D/L for IPSec VPN on PIX 515

Unanswered Question
Mar 13th, 2007

I need to determine the average U/L and D/L data during 1 days operation of a particular IPSec VPN tunnel that is terminating on a PIX 515 (other end is Draytek Vigor). When I look at the tunnel stats using the PDM, I see the number of packets encypted/decrypted but I am assuming these packets would be of variable length, so I cant get an accurate U/L D/L figure, is this correct ?

If there is no other way to see this information, can I assume a "worst case" packet size in order to calculate this figure.

What I want to be able to achieve is to monitor the throughput and make a statement such as "500MB up 650MB down reuired in a 24 hour period (average)" etc.

The reason for this is that this tunnel is being moved to a provider that charges on total throughput (as in 1GB per week) rather than speed.

I dont have the ability to measure data requirement of individual apps and dont know the overhead that the VPN encryption adds.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
umedryk Mon, 03/19/2007 - 11:29

I think Cisco works VMS module has the capability to get such information. Following link will help regarding this

Other option is to use some SNMP tool. MRTG is a free tool that saves historical data and can graph it, and it is quite popular.

Have a look at and Following link may help you

ajenks Mon, 03/19/2007 - 12:49

Thanks for your reply. I have got some initial figures from using access list / ip accounting stats from a router upstream from the PIX which should prove sufficient for the time being.


This Discussion