IPSEC VPN Bandwidth

Unanswered Question
May 30th, 2010

Hello

Site-to-Site IPsec tunnel between Cisco Security Appliances (ASA/PIX) and a Cisco IOS Router.

How do I identify how much bandwidth is consumed on this VPN link?

ASA#show crypto isakmp sa
ASA#show crypto ipsec sa

The above commands don't help.

Any input?

Thanks

Saquib

gatlin007 Sun, 05/30/2010 - 15:29

There isn’t much support for per-tunnel bandwidth statistics on the ASA.

I would rely on NetFlow on the IOS router. Export your NetFlow statistics to a NetFlow collector and pull reports based on the router’s public interface, focused on IPSEC traffic destined to the ASA’s public IP address.


Here’s an open-source NetFlow collector:

http://neye.unsupported.info/

If you have some money to invest, I recommend Statseeker because it scales very well for bandwidth monitoring and has a built-in NetFlow collector.

http://www.statseeker.com/

Christopher Gatlin
http://travelingtech.net

Don Jacob Mon, 06/21/2010 - 05:04

NetFlow should help. You can either monitor the tunnel termination interface on the IOS router if it supports NetFlow export or the ASA device itself if it has IOS 8.2 or higher using NetFlow.

If you can let me know the router model or the version on the ASA, I can find out if it supports NetFlow and assist you with the related NetFlow configuration. NetFlow Analyzer from ManageEngine has a free edition which lets you monitor 2 interfaces with no feature limitation on NetFlow reporting.

Regards,
Don Thomas Jacob
ManageEngine NetFlow Analyzer

merabtavart Fri, 07/22/2011 - 02:02

Check

http://www.vpnttg.com/

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer’s IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.

HTH
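
The idea in the post above (key tunnel history by peer IP, not by the SNMP index that changes on reconnect), sketched as an added example; it is not part of the original thread and not VPNTTG's code. The sample tuples, field layout and function name are constructed for illustration, and any counter decrease is assumed to be a tunnel restart rather than a counter wrap.

```python
from collections import defaultdict

# Constructed poll samples, as an SNMP poller might record them every 300 s:
# (unix_time, tunnel_index, peer_ip, in_octets, out_octets)
SAMPLES = [
    (0,   5, "203.0.113.10", 1_000_000,   500_000),
    (300, 5, "203.0.113.10", 4_000_000, 2_000_000),
    # Tunnel dropped and came back: new index, counters restarted from zero.
    (600, 9, "203.0.113.10",   750_000,   375_000),
    (900, 9, "203.0.113.10", 3_750_000, 1_875_000),
    (0,   6, "198.51.100.7",         0,         0),
    (300, 6, "198.51.100.7", 1_500_000, 3_000_000),
]


def per_peer_bandwidth(samples):
    """Return {peer_ip: [(t_start, t_end, in_bps, out_bps), ...]}.

    History is keyed by peer IP, so a changed tunnel index continues the
    same series instead of starting a new, empty one.
    """
    last = {}                      # peer_ip -> (time, index, in, out)
    history = defaultdict(list)
    for t, idx, peer, rx, tx in sorted(samples):
        prev = last.get(peer)
        last[peer] = (t, idx, rx, tx)
        if prev is None:
            continue               # first sample for this peer: no delta yet
        pt, pidx, prx, ptx = prev
        dt = t - pt
        if dt <= 0:
            continue               # duplicate or out-of-order poll
        if idx != pidx or rx < prx or tx < ptx:
            # New tunnel instance. Bytes sent by the old instance after the
            # previous poll are unknown, so count only what the new instance
            # reports; the rate for this interval is a lower bound.
            d_rx, d_tx = rx, tx
        else:
            d_rx, d_tx = rx - prx, tx - ptx
        history[peer].append((pt, t, d_rx * 8 / dt, d_tx * 8 / dt))
    return dict(history)


if __name__ == "__main__":
    for peer, rows in per_peer_bandwidth(SAMPLES).items():
        for start, end, in_bps, out_bps in rows:
            print(f"{peer} {start}-{end}s in={in_bps:.0f} bps out={out_bps:.0f} bps")
```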

Posted May 30, 2010 at 11:32 AM