03-16-2006 10:50 AM - edited 02-21-2020 12:46 AM
Hello,
I have a site to site vpn established between branch office and central office using Cisco PIX 515E at both ends
We have a dedicated link between offices, with vpn traffic routed to the dedicated link .
I see a high bandwidth usage in (both incoming and outgoing) in the link. how could I pin point which systems are sending and receiving traffic in VPN.
I have to identify the systems which are sending the traffic to the VPN
Thanks,
Chandru
03-16-2006 03:21 PM
in order to analyse the traffic within a vpn, the only way is to "get in" after the packets are decrypted.
one way i can think of is to use a sniffer straight connects to the pix inside interface.
another way is to do the sniffer on the pix, which involves a little bit complicated configuration.
in brief:
disable the command "sysopt connection permit-ipsec";
divide the subnet up to several sub-groups, configure inbound acl for individual sub-group in order to permit vpn traffic;
study the hit count of the acl;
re-create sub-groups based on the number of hit count e.g. a particular sub-group may be further divided providing most of the traffic are generated in this group; on the other hand, several sub-groups may be combined into a single sub-group providing not much traffic are generated by these groups;
repeat the re-group until the most "heavy" user/host/ip is identified.
03-17-2006 06:59 AM
Thanks Jaccko. I will try your approach.
03-17-2006 07:52 AM
it's good to learn that the information provided is valuable.
according to cisco,
Why should I rate posts?
If you see a post that you think deserves recognition, please take a moment to rate it.
You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.
03-17-2006 10:53 AM
Hi Jackko,
Thanks for reminding me. I have rated your previous post
Chandru
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide