Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1885
Views
0
Helpful
2
Replies

ASA5510 VPN Bandwidth Calculations

robheaplogin
Level 1
Level 1

‎03-15-2012 10:26 AM - edited ‎03-11-2019 03:42 PM

Were running an ASA5510 with multiple IPSEC VPN clients over a 100Mb leased line. At the moment we have about 10 active clients however we are looking at gearing up to about 100 clients.

Question is, is there a known method for calculating the required bandwidth for this number of clients or indeed obtaining metrics from already connected clients to help with this calculation.

We have tried a few monitoring products, most notably Solarwinds, however none of the products we have tried seems to be able to give us the throughput of the individual VPN connections to assist with our calcs....

Labels:
0 Helpful
2 Replies 2

mirober2
Cisco Employee
Cisco Employee

‎03-23-2012 08:08 AM

Hi Rob,

I don't think you'll find any formula to calculate this unless all of the VPN clients run the same applications and send the same traffic profile through the ASA.

You could try using NetFlow monitoring on the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/monitor_nsel.html

The ASA will report statistics on a per-connection (i.e. source IP/port and destination IP/port) basis, but the NetFlow collector software you use will likely be able to aggregate this on a per-client basis.

-Mike

0 Helpful

vpnttg001
Level 1
Level 1

‎10-01-2013 12:27 PM

Hi Rob,

Check  out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP  monitoring and measuring the traffic load for IPsec  (Site-to-Site,  Remote Access) and SSL (With Client, Clientless) VPN  tunnels on a Cisco  ASA. It allows the user to see traffic load on a VPN  tunnel over time  in graphical form.

Advantage of VPNTTG over other SNMP based monitoring software's is   following: Other (commonly used) software's are working with static OID   numbers, i.e. whenever tunnel disconnects and reconnects, it gets   assigned a new OID number. This means that the historical data,  gathered  on the connection, is lost each time. However, VPNTTG works  with VPN  peer's IP address and it stores for each VPN tunnel  historical  monitoring data into the Database.

For more information about VPNTTG please visit www.vpnttg.com

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card