Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
906
Views
4
Helpful
4
Replies

How to monitor the traffic and systems in a site to site vpn

csaravanan
Level 1
Level 1

‎03-16-2006 10:50 AM - edited ‎02-21-2020 12:46 AM

Hello,

I have a site to site vpn established between branch office and central office using Cisco PIX 515E at both ends

We have a dedicated link between offices, with vpn traffic routed to the dedicated link .

I see a high bandwidth usage in (both incoming and outgoing) in the link. how could I pin point which systems are sending and receiving traffic in VPN.

I have to identify the systems which are sending the traffic to the VPN

Thanks,

Chandru

0 Helpful
4 Replies 4

jackko
Level 7
Level 7

‎03-16-2006 03:21 PM

in order to analyse the traffic within a vpn, the only way is to "get in" after the packets are decrypted.

one way i can think of is to use a sniffer straight connects to the pix inside interface.

another way is to do the sniffer on the pix, which involves a little bit complicated configuration.

in brief:

disable the command "sysopt connection permit-ipsec";

divide the subnet up to several sub-groups, configure inbound acl for individual sub-group in order to permit vpn traffic;

study the hit count of the acl;

re-create sub-groups based on the number of hit count e.g. a particular sub-group may be further divided providing most of the traffic are generated in this group; on the other hand, several sub-groups may be combined into a single sub-group providing not much traffic are generated by these groups;

repeat the re-group until the most "heavy" user/host/ip is identified.

csaravanan
Level 1
Level 1
In response to jackko

‎03-17-2006 06:59 AM

Thanks Jaccko. I will try your approach.

0 Helpful

jackko
Level 7
Level 7
In response to csaravanan

‎03-17-2006 07:52 AM

it's good to learn that the information provided is valuable.

according to cisco,

Why should I rate posts?

If you see a post that you think deserves recognition, please take a moment to rate it.

You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.

0 Helpful

csaravanan
Level 1
Level 1
In response to jackko

‎03-17-2006 10:53 AM

Hi Jackko,

Thanks for reminding me. I have rated your previous post

Chandru

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card