cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17108
Views
16
Helpful
30
Replies

VPN monitoring solution

rami_azar
Level 1
Level 1

A certain customer has a main office and several branch offices connected through VPN .

He needs a solution that will allow him to monitor VPN sessions, and specific info ( ex: number of sessions, source of session ,date ,duration, bandwidth used ,ect,.,,,,)

Does Cisco provide such a solution .

a solution that is preferred with graphical interface

Please , your fast response is appreciated

1 Accepted Solution

Accepted Solutions

beecher
Cisco Employee
Cisco Employee

Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs. Links:

Security Manager:

http://www.cisco.com/go/csmanager

Performance Monitor User Guide:

http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html

Performance Monitor originates from the previous security managment product called CiscoWorks VMS and is currently not undergoing much further enhancement. We would like to introduce an updated security-related health and performance monitoring capability on-par with Security Manager, but no definite word yet.

Security Manager and Performance Monitor can be downloaded and used for up to 90 days for evaluation.

View solution in original post

30 Replies 30

elovelace256
Level 1
Level 1

I have been asking the same question for weeks with no definitave answer. If you find one please let me know.

beecher
Cisco Employee
Cisco Employee

Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs. Links:

Security Manager:

http://www.cisco.com/go/csmanager

Performance Monitor User Guide:

http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html

Performance Monitor originates from the previous security managment product called CiscoWorks VMS and is currently not undergoing much further enhancement. We would like to introduce an updated security-related health and performance monitoring capability on-par with Security Manager, but no definite word yet.

Security Manager and Performance Monitor can be downloaded and used for up to 90 days for evaluation.

good day,

dear, can u provide me the usage guide for CSM.

thanks & regards,

khinze
Level 1
Level 1

We have CSM and I'm working on getting it configured. I do not see Perf Mon and see no way to monitor devices such as # sessions, etc. I have been looking at Open Source Cacti . It looks like it could provide this. Anyone else get Cacti, NMIS, or other NMS tool working to monitor ASA's for VPN Session info?

Beginning with Security Manager 3.1, Performance Monitor is included on the product DVD as a separate installer. You need to at least first install Common Services using the Security Manager installer and then install Performance Monitor. Performance Monitor uses the traditional CiscoWorks browser interface.

For 3.0 and 3.1 versions, Performance Monitor is also available for download here:

http://www.cisco.com/cgi-bin/tablebuild.pl/csm-app

Thank you, CSM looks pretty amazing but is really a huge application. I had been working to setup to manage not monitor. I will take a look.

BTW, I just downloaded and started the installer but it won't accept the CSM license key file. I guess I can just install as eval.

Performance Monitor requires a different license file. For Security Manager 3.0, the license file is included on the DVD, but for 3.1 it is delivered via registering the included PAK on Cisco.com and receiving via email. The Performance Monitor license file is installed using the Common Services browser interface (not the Security Manager client). Click CiscoWorks in the upper right of the browser after logging in, then Common Services > Server > Admin > Licensing.

Hi all, I'm in the same boat.

I actually have PIX running 6.3 software with a few site to site VPN tunnels. Is there any way to monitor the bandwidth utilization of a particular tunnel?

Same question goes with ASAs and using ASDM...no plans to get CSM here...

Thanks,

Jason

Interesting question. I installed Cacti [www.cacti.net] and am getting graphs of number of tunnels, bandwidth etc. But I don't know whether you can do bandwidth per tunnel. I'll have to tinker with that.

Guys, did u find any way to monitor the bandwidth based on per tunnel. If yes, then tell me...Thanks

For our install, I was only interested in the concurrent # of users logged int.

Here is the SNMP OID.

.1.3.6.1.4.1.9.9.392.1.3.3.0

If you want more, you should look at the MIB and MIB2 for the ASA. (available on the cisco website)

elovelace256
Level 1
Level 1

This seems to be a never ending question. I think thatCisco works and cacti can monitor them but its cumbersome either to setup or to managage.

What I want is solarwinds orion or even another easy network management tool to provide this functionality.

I would like to see the asa to treat the vpn tunnels almost like interfaces, That way you can manage, monitor, and configure them just like any other interface.

I am looking into the same thing. What I have found so far is OID string 1.3.6.1.4.1.9.9.171.1.2.3.1.7 will give you the tunnels with remote address and I use OID 1.3.6.1.4.1.9.9.171.1.2.1.1 to verify the number of tunnels are correct. These are Phase 1 stats. I am looking on how to monitor some WEBVPN session. If anyone has any information it would be appreciated.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: