IPSEC VPN Bandwidth

May 30th, 2010
Site-to-Site IPsec tunnel between Cisco Security Appliances (ASA/PIX) and a Cisco IOS Router.

How do I identify how much bandwidth is consumed on this VPN link?

ASA#show crypto isakmp sa
ASA#show crypto ipsec sa

The above commands don't help.

Any input?



gatlin007 Sun, 05/30/2010 - 15:29

There isn’t much support for per-tunnel bandwidth statistics on the ASA.

I would rely on NetFlow on the IOS router. Export your NetFlow statistics to a NetFlow collector and pull reports based on the router’s public interface, focused on IPsec traffic destined to the ASA’s public IP address.

Here’s an open source NetFlow collector


If you have some money to invest, I recommend Statseeker because it scales very well for bandwidth monitoring and has a built-in NetFlow collector.


Christopher Gatlin

Don Jacob Mon, 06/21/2010 - 05:04

NetFlow should help. You can either monitor the tunnel termination interface on the IOS router if it supports NetFlow export or the ASA device itself if it has IOS 8.2 or higher using NetFlow.

If you can let me know the router model or the version on the ASA, I can find out if it supports NetFlow and assist you with the related NetFlow configuration. NetFlow Analyzer from ManageEngine has a free edition which lets you monitor 2 interfaces with no feature limitation on NetFlow reporting.

Don Thomas Jacob
ManageEngine NetFlow Analyzer
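
The NetFlow approach suggested in the two replies above, as an added example that is not part of the original posts and not code from any product they name: it filters exported flow records down to IPsec traffic between the two tunnel endpoints and reports per-minute bandwidth in each direction. The record layout, the IP addresses and the sample flows are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not from the thread):
# start_epoch,src_ip,dst_ip,ip_proto,dst_port,bytes
# Assumed addresses: 198.51.100.1 = IOS router public IP, 203.0.113.1 = ASA public IP.
SAMPLE_FLOWS = """\
1275200040,198.51.100.1,203.0.113.1,50,0,4500000
1275200060,203.0.113.1,198.51.100.1,50,0,1500000
1275200070,198.51.100.1,203.0.113.1,6,443,9000000
1275200105,198.51.100.1,203.0.113.1,50,0,9000000
1275200110,198.51.100.1,203.0.113.1,17,4500,3000000
1275200120,198.51.100.1,192.0.2.9,50,0,7000000
"""

ESP, UDP, NAT_T_PORT = 50, 17, 4500

def is_ipsec(proto, dst_port):
    """ESP (IP protocol 50), or ESP encapsulated in UDP/4500 for NAT traversal."""
    return proto == ESP or (proto == UDP and dst_port == NAT_T_PORT)

def tunnel_bandwidth(flow_csv, router_ip, asa_ip, bucket_secs=60):
    """Return {direction: {bucket_start: bits_per_second}} for one tunnel.

    A flow's bytes are attributed to the bucket of its start time, which is
    an approximation for flows that span several buckets.
    """
    octets = {"to_asa": defaultdict(int), "from_asa": defaultdict(int)}
    for line in flow_csv.strip().splitlines():
        start, src, dst, proto, port, nbytes = line.split(",")
        if not is_ipsec(int(proto), int(port)):
            continue  # cleartext traffic between the same public IPs
        if (src, dst) == (router_ip, asa_ip):
            direction = "to_asa"
        elif (src, dst) == (asa_ip, router_ip):
            direction = "from_asa"
        else:
            continue  # IPsec to some other peer, not this tunnel
        bucket = int(start) - int(start) % bucket_secs
        octets[direction][bucket] += int(nbytes)
    return {d: {b: n * 8 / bucket_secs for b, n in sorted(v.items())}
            for d, v in octets.items()}

def peak_bps(series):
    """Highest per-bucket rate in a series, 0.0 if the series is empty."""
    return max(series.values(), default=0.0)

if __name__ == "__main__":
    for direction, series in tunnel_bandwidth(
            SAMPLE_FLOWS, "198.51.100.1", "203.0.113.1").items():
        print(direction, series, "peak:", peak_bps(series))
```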

merabtavart Fri, 07/22/2011 - 02:02
The advantage of VPNTTG over other SNMP-based monitoring software is the following: Other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer’s IP address, and it stores historical monitoring data for each VPN tunnel in the SQL server and in the RRD (Round Robin Database) file.


