VPN tunnel monitoring

Unanswered Question
Aug 21st, 2007
User Badges:

Hi all,

I just wondering if there is anyone doing the same way as what we are looking for.

we have 4 offices mass connected with VPN tunnels through internet boradband (i.e. 6 VPN tunnels). I am looking for a monitoring tools to monitor the bandwidth of different tunnels (only vpn tunnel not including normal internet traffic).

any suggection is appreciate.


Donald

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Amin Shaikh Sun, 08/26/2007 - 01:03
User Badges:

Hello,


I am also looking for the same....


Someone please advice.


Chow



jerrytozhang Thu, 08/30/2007 - 09:56
User Badges:

We have a similiar scenario, but much bigger, we have 121 branches worldwide and each has a VPN connection (based on Internet)to head office in Canada.


If you use IPSec+GRE mode to build your VPN connections, that's very easy, just run a MRTG, PRTG, Cricket to monitor each of your VPN connection and respective traffic based on tunnel interfaces.


If you just use IPSec based on Cisco routing platform to build your VPN connections, you can try NetFlow tools,like NetFlow Tracker, NetFlow Analyzer,FlowScan,CFlowd to monitor your VPN traffic based on IPSec protocols' characters, like IP Protocol 50,51 or UDP port 500.


Thanks,

Jerry

Amin Shaikh Fri, 08/31/2007 - 04:19
User Badges:

Thank you for your reply.....


Can you get me the link for Cricket... tool


and your recommendation to select a tool for IPSEC based VPN Connection ....


You mentioned so many ( Netflow tracker .... Netflow Analyser..... etc )



jerrytozhang Fri, 08/31/2007 - 06:08
User Badges:

1:Cricket URL is following:

http://cricket.sourceforge.net/


2:If your scenairo is just only running IPSec over Internet, no GRE tunnels deployed, you have to use a Netflow tool to monitor your VPN traffic, you can choose Netflow tracker or Netflow Analyzer to do this job, they both have a trail version to let you evaluate.


Netflow tracker's URL is following:

http://www.crannog-software.com/index.php?go=Product.ShowDetail&ProductID=1


Netflow Analyzer's URL is following:

http://manageengine.adventnet.com/products/netflow/index.html


hope those information can help you.


Jerry

donaldfoo Wed, 09/05/2007 - 19:21
User Badges:

Hi Jerry,

Thanks for the information, however I am using PIX to build the VPN tunnel, it sounds like PIX not support netflow, any advice?



Regards,

Donald

gmagillsiemens Wed, 02/27/2008 - 10:45
User Badges:

cant you trigger off of the following traps if you use an IPSEC GRE tunnel?


snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop


merabtavart Fri, 07/22/2011 - 01:09
User Badges:

Check

http://www.vpnttg.com/


Advantage   of VPNTTG over other SNMP based monitoring software’s is  following:   Other (commonly used) software’s are working with static OID  numbers,   i.e. whenever tunnel disconnects and reconnects, it gets  assigned a  new  OID number. This means that the historical data, gathered  on the   connection, is lost each time. However, VPNTTG works with VPN  peer’s  IP  address and it stores for each VPN tunnel historical  monitoring  data  into the SQL server and into the RRD (Round Robin  Database) file.


HTH

Actions

This Discussion