09-09-2011 12:12 AM - edited 02-21-2020 05:34 PM
We have a Cisco ASA 5520 supporting multiple VPNs - both remote-access and Lan-to-Lan. We would like to monitor the bandwidth utilization of the IPSec Lan-to-Lan tunnels. How can we do that?
Thanks,
Spr
09-12-2011 10:55 AM
The ASDM doesn't give you that visibility. You can try a number of things:
The lowest cost, least intrusive solution that I can think of is to SPAN the port that the firewall is connected to, connect a laptop with Sniffer Pro installed, monitor and collect stats that way.
Good luck
09-12-2011 04:42 PM
Hey Spr,
Have a look at Cacti: http://www.cacti.net/
You will be able to do an SNMP walk and collect the OID of all your interfaces and monitor them with Cacti.
This will help you http://forums.cacti.net/about12873.html
Cheers,
Fabio
01-31-2018 08:03 AM
But this assumes you are using tunnel interfaces (I stand corrected). What are my options if I'm working with regular L2L tunnels on an ASA?
06-24-2013 01:15 PM
Hi Spr,
Check out VPNTTG (VPN Tunnel Traffic Grapher). It is software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN tunnel over time in graphical form.
The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and stores historical monitoring data for each VPN tunnel in the database.
For more information about VPNTTG please visit www.vpnttg.com
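The problem described in the post above (a tunnel gets a new OID index after it reconnects, so history keyed on the index is lost) can be handled by keying counters on the peer address instead. The following is an added example, not part of the thread and not VPNTTG's code; the row layout (tunnel index, peer IP, in/out octets), the class name and the sample values are constructed, and a counter that goes down is assumed to mean a new tunnel instance rather than a counter wrap.

```python
from collections import defaultdict


class PeerTrafficTracker:
    """Accumulate per-peer byte counts across polls, keyed by peer IP so that
    history survives a tunnel coming back under a different SNMP index."""

    def __init__(self):
        self._last = {}                              # (peer, index) -> (rx, tx) at last poll
        self.totals = defaultdict(lambda: [0, 0])    # peer -> [rx_bytes, tx_bytes]

    def ingest(self, rows):
        """rows: iterable of (tunnel_index, peer_ip, in_octets, out_octets)
        from one poll. Returns {peer_ip: (rx_delta, tx_delta)} for this interval."""
        current = {}
        deltas = defaultdict(lambda: [0, 0])
        for index, peer, rx, tx in rows:
            key = (peer, index)
            prev = self._last.get(key)
            if prev is None or rx < prev[0] or tx < prev[1]:
                # New tunnel instance (new index, or counters restarted):
                # its counters began at zero, so the raw value is the delta.
                d_rx, d_tx = rx, tx
            else:
                d_rx, d_tx = rx - prev[0], tx - prev[1]
            # A peer may have several tunnels (one per SA); sum them per peer.
            deltas[peer][0] += d_rx
            deltas[peer][1] += d_tx
            current[key] = (rx, tx)
        self._last = current                         # forget indexes that disappeared
        for peer, (d_rx, d_tx) in deltas.items():
            self.totals[peer][0] += d_rx
            self.totals[peer][1] += d_tx
        return {peer: tuple(d) for peer, d in deltas.items()}

    def total(self, peer):
        return tuple(self.totals[peer])


# Constructed sample polls (documentation addresses, made-up counters).
POLL_1 = [(1, "203.0.113.10", 1000, 500), (2, "198.51.100.7", 200, 100)]
POLL_2 = [(1, "203.0.113.10", 1500, 800), (2, "198.51.100.7", 200, 100)]
# 203.0.113.10 dropped and re-established: new index 7, counters restarted.
POLL_3 = [(7, "203.0.113.10", 50, 20), (2, "198.51.100.7", 260, 100)]

if __name__ == "__main__":
    tracker = PeerTrafficTracker()
    for poll in (POLL_1, POLL_2, POLL_3):
        print(tracker.ingest(poll))
    print(dict(tracker.totals))
```

Dividing each returned delta by the polling interval gives the per-peer rate to graph.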