Monitoring VPN tunnel utilization (a la frame subinterface)
I was curious whether anyone out there had found a way to monitor traffic utilization going through the IPSec tunnels configured on their boxen. I have a need to report traffic utilization and type (i.e. http, smtp, ftp, etc.) to upper management.
As for the first part (utilization), I've thought I could use the packet decrypt/encrypt counters, though I haven't really dug into the MIB. As for the second (type), I'm at a loss unless I do some external data filtering/summarization based on the known netblocks assigned to each tunnel. This, however, is static and therefore cumbersome to maintain.
Anyone got any ideas? Gee, this might be a good feature in CSPM/NetFlow...
Re: Monitoring VPN tunnel utilization (a la frame subinterface)
Traffic utilization reports are best provided by your ISP. Any ISP offering MPLS over ATM VPN's can create very robust ulilization reports, ie ports, bandwidth utilization, errors, buffer hits, packet loss, peaks etc.
Cisco's MPLS can make ATM connectionless. Creating fully meshed VPN's by default. This eliminates the need for encryption (IPsec) and firewalls since traffic is not routed over the Internet. All VPN data is dropped to layer 2 and switched, while Internet destined traffic is sent to a gateway.
Since the WAN and Internet traffic are differentiated, reporting on performance becomes seamless.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...