Calculate Total data U/L D/L for IPSec VPN on PIX 515

ajenks · ‎03-13-2007

I need to determine the average U/L and D/L data during 1 days operation of a particular IPSec VPN tunnel that is terminating on a PIX 515 (other end is Draytek Vigor). When I look at the tunnel stats using the PDM, I see the number of packets encypted/decrypted but I am assuming these packets would be of variable length, so I cant get an accurate U/L D/L figure, is this correct ?

If there is no other way to see this information, can I assume a "worst case" packet size in order to calculate this figure.

What I want to be able to achieve is to monitor the throughput and make a statement such as "500MB up 650MB down reuired in a 24 hour period (average)" etc.

The reason for this is that this tunnel is being moved to a provider that charges on total throughput (as in 1GB per week) rather than speed.

I dont have the ability to measure data requirement of individual apps and dont know the overhead that the VPN encryption adds.

umedryk · ‎03-19-2007

I think Cisco works VMS module has the capability to get such information. Following link will help regarding this

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/vpnmon/1_x/1_0/using/index.htm

Other option is to use some SNMP tool. MRTG is a free tool that saves historical data and can graph it, and it is quite popular.

Have a look at http://www.stat.ee.ethz.ch/mrtg/ and www.mrtg.org. Following link may help you

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a008009496e.shtml

ajenks · ‎03-19-2007

Thanks for your reply. I have got some initial figures from using access list / ip accounting stats from a router upstream from the PIX which should prove sufficient for the time being.