IPSEC VPN Bandwidth

saquib.tandel
Level 1

Hello

Site-to-Site IPsec tunnel between Cisco Security Appliances (ASA/PIX) and a Cisco IOS Router.

How do I identify how much bandwidth is consumed on this VPN link?

ASA#show crypto isakmp sa
ASA#show crypto ipsec sa

The above commands don't help.

Any input?

Thanks

Saquib

3 Replies

gatlin007
Level 4

There isn’t much support for per-tunnel bandwidth statistics on the ASA.

I would rely on NetFlow on the IOS router. Export your NetFlow statistics to a NetFlow collector and pull reports based on the router’s public interface, focused on IPsec traffic destined to the ASA’s public IP address.

Here’s an open source NetFlow collector:

http://neye.unsupported.info/

If you have some money to invest, I recommend Statseeker because it scales very well for bandwidth monitoring and has a built-in NetFlow collector.

http://www.statseeker.com/

Christopher Gatlin
http://travelingtech.net
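
The report described in the reply above (IPsec traffic between the router's public interface and the ASA's public IP), as an added example that is not part of the original thread. The CSV column layout, the addresses (documentation ranges) and the 5-minute bucket are assumptions; the flow rows are constructed sample data standing in for a collector export.

```python
import csv
import io
from collections import defaultdict

ASA_PUBLIC_IP = "203.0.113.10"     # assumed ASA outside address
ROUTER_PUBLIC_IP = "198.51.100.2"  # assumed IOS router outside address
BUCKET_SECONDS = 300               # assumed reporting interval (5 minutes)

# Constructed flow export: start epoch, src, dst, IP protocol, dst port, bytes
SAMPLE_FLOWS = """start,src,dst,proto,dport,bytes
1700000100,198.51.100.2,203.0.113.10,50,0,45000000
1700000200,198.51.100.2,203.0.113.10,50,0,30000000
1700000250,198.51.100.2,203.0.113.10,17,500,1200
1700000300,198.51.100.2,192.0.2.99,6,443,9000000
1700000350,203.0.113.10,198.51.100.2,50,0,15000000
1700000400,198.51.100.2,203.0.113.10,17,4500,6000000
"""

def is_ipsec_payload(proto, dport):
    """ESP (IP protocol 50), or ESP inside UDP/4500 when NAT-T is in use."""
    return proto == 50 or (proto == 17 and dport == 4500)

def tunnel_bandwidth(flow_csv, local_ip, peer_ip, bucket=BUCKET_SECONDS):
    """Return {(bucket_start, direction): average bits per second}."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not is_ipsec_payload(int(row["proto"]), int(row["dport"])):
            continue  # skips IKE on UDP/500 and all non-IPsec traffic
        if (row["src"], row["dst"]) == (local_ip, peer_ip):
            direction = "to_peer"
        elif (row["src"], row["dst"]) == (peer_ip, local_ip):
            direction = "from_peer"
        else:
            continue  # a different peer or host
        start = int(row["start"]) // bucket * bucket
        totals[(start, direction)] += int(row["bytes"])
    # Keyed by peer IP pair and time, so tunnel rekeys do not split the history.
    return {key: total * 8 / bucket for key, total in totals.items()}

if __name__ == "__main__":
    report = tunnel_bandwidth(SAMPLE_FLOWS, ROUTER_PUBLIC_IP, ASA_PUBLIC_IP)
    for (start, direction), bps in sorted(report.items()):
        print(f"{start} {direction:9s} {bps / 1e6:.2f} Mbit/s")
```

Byte counts taken on the public interface are for the outer ESP packets, so the figures include encapsulation overhead.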

Don Jacob
Level 1

NetFlow should help. You can either monitor the tunnel termination interface on the IOS router if it supports NetFlow export or the ASA device itself if it has IOS 8.2 or higher using NetFlow.

If you can let me know the router model or the version on the ASA, I can find out if it supports NetFlow and assist you with the related NetFlow configuration. NetFlow Analyzer from ManageEngine has a free edition which lets you monitor 2 interfaces with no feature limitation on NetFlow reporting.

Regards,
Don Thomas Jacob
ManageEngine  NetFlow Analyzer
_________________________________________

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.

merabtavart
Level 1

Check

http://www.vpnttg.com/

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer’s IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.

HTH
