Monitoring IPSec Tunnel Bandwidth Utilization

Sep 9th, 2011

We have a Cisco ASA 5520 supporting multiple VPNs, both remote-access and LAN-to-LAN. We would like to monitor the bandwidth utilization of the IPsec LAN-to-LAN tunnels. How can we do that?

Lee Valentin Mon, 09/12/2011 - 10:55

The ASDM doesn't give you that visibility. You can try a number of things:

  • Create a capture on the firewall, export it to Wireshark, and use its graphing capabilities to determine utilization
  • Enable NetFlow on the firewall, export to a NetFlow collector, and use the collector's reporting
  • Any combination of the above using a probe or mirroring (SPAN) the traffic
  • Use an appliance like Cymtec Scout or a SonicWall with the latest software version

The lowest cost, least intrusive solution that I can think of is to SPAN the port that the firewall is connected to, connect a laptop with Sniffer Pro installed, monitor and collect stats that way.

Good luck

vpnttg001 Mon, 06/24/2013 - 13:15

Hi Spr,

Check out VPNTTG (VPN Tunnel Traffic Grapher). It is software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see the traffic load on a VPN tunnel over time in graphical form.

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and stores historical monitoring data for each VPN tunnel in the database.

For more information about VPNTTG please visit
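Added example, not part of any post in this thread and not VPNTTG's code: a sketch of the approach described above, where per-tunnel octet counters are keyed by the peer's IP address so that a bandwidth series survives the tunnel being re-established under a new index. The poll rows, field layout and addresses are constructed sample data standing in for what an SNMP poll of the ASA's per-tunnel table would return.

```python
from collections import defaultdict

# Constructed sample polls (assumed layout, not real ASA output):
# (unix_time, [(tunnel_index, peer_ip, in_octets, out_octets), ...])
POLLS = [
    (1000, [(12, "198.51.100.7", 1_000_000, 400_000),
            (13, "203.0.113.9", 5_000_000, 2_000_000)]),
    (1300, [(12, "198.51.100.7", 4_750_000, 1_150_000),
            (13, "203.0.113.9", 5_600_000, 2_300_000)]),
    # Tunnel to 198.51.100.7 dropped and came back: new index, counters restarted.
    (1600, [(27, "198.51.100.7", 1_500_000, 750_000),
            (13, "203.0.113.9", 6_200_000, 2_600_000)]),
]


def rates_by_peer(polls):
    """Return {peer_ip: [(time, in_bps, out_bps), ...]} keyed by peer address."""
    last = {}                    # peer_ip -> (time, index, in_octets, out_octets)
    history = defaultdict(list)  # one continuous series per peer
    for ts, rows in polls:
        for index, peer, rx, tx in rows:
            prev = last.get(peer)
            last[peer] = (ts, index, rx, tx)
            if prev is None:
                continue         # first sample for this peer: no interval yet
            pts, pindex, prx, ptx = prev
            dt = ts - pts
            if dt <= 0:
                continue         # out-of-order or duplicate poll
            if index != pindex or rx < prx or tx < ptx:
                # Re-established tunnel: counters restarted from zero, so only
                # the bytes since the restart are known (a lower bound). A lower
                # counter on the same index is treated the same way; counter
                # wrap is not distinguished from a restart in this sketch.
                drx, dtx = rx, tx
            else:
                drx, dtx = rx - prx, tx - ptx
            history[peer].append((ts, drx * 8 // dt, dtx * 8 // dt))
    return dict(history)


if __name__ == "__main__":
    for peer, series in rates_by_peer(POLLS).items():
        for ts, in_bps, out_bps in series:
            print(f"{peer} t={ts} in={in_bps} bps out={out_bps} bps")
```

A poller that keyed its series on the tunnel index instead would start an empty series for index 27 and orphan the data collected under index 12.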

