
VPN monitoring solution

rami_azar
Level 1

A certain customer has a main office and several branch offices connected through VPN.

He needs a solution that will allow him to monitor VPN sessions and specific info (e.g. number of sessions, source of session, date, duration, bandwidth used, etc.).

Does Cisco provide such a solution?

A solution with a graphical interface is preferred.

Please, your fast response is appreciated.

30 Replies

bhpci
Level 1

I have ASAs that I monitor using the ASDM (v. 6.02). Under Monitoring, VPN Statistics, Sessions you can filter by Remote Access, Site-to-Site, clientless SSL, SSL client or email proxy. Under Site-to-Site there are stats for connection/IP address, protocol/encryption, login time/duration and Bytes TX/RX.

The bad thing about ASDM is no historical reports or alerting.

I see what you mean, but every time the connection is re-negotiated the stats clear. Is there a way to gather real history?

Well, Cacti <http://www.cacti.net/> provides a close to 90% solution. It provides metrics but I don't think it will report. We also use NMIS and it will send alerts for outages. This is the best I've been able to come up with.

I just implemented NetFlow with SolarWinds and I can now get the statistics I need by filtering on the tunneled destination addresses.

I would like to see VPNs configured as a virtual interface just like a VLAN.

This way I can just add the virtual interface to my monitoring solution and monitor it just like the rest of the interfaces.

Santa, can you bring me that for Christmas?

Eric,

If it was that piece of cake, everyone would have already done that :)

Kevin,

About Cacti, would it be possible for you to share some snaps, because maybe your 90% solution could be more useful for someone else.

Chris,

I believe NetFlow is only for routers/switches. Did you configure it for firewall/concentrator? Haven't heard about that in my experience, can you share something useful?

I guess everyone here needs this sort of solution, so we must raise the bar to Cisco, maybe on an idea forum or some other platform, that they should work on these particular features: monitoring the VPN tunnels, their historical bandwidth and session reporting, and above all, flow analysis of traffic passing through the tunnels.

regards,

Mohsin

Because all traffic within the network I am working with has to go through my core to traverse the vpn link, by implementing netflow on the core I get stats on any source/destination traffic that uses the tunnels I support. (there are more than one)

I'm using SolarWinds Orion to poll for netflow stats and query history.

Also, in a pinch, with a little ASA log analysis I can pick up stats on individual user vpn sessions as well.
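The ASA log analysis mentioned in the post above, shown as an added example that is not part of the original thread or any poster's own script. It assumes the ASA is logging session-disconnect records in the syslog message 113019 layout; the sample lines, hostname, group and usernames are constructed, and totals are keyed on username because the client IP changes between sessions.

```python
import re
from collections import defaultdict

# Constructed sample syslog (assumed layout: ASA message 113019, session disconnect).
SAMPLE_LOG = """\
Mar 03 2010 09:14:02 asa1 : %ASA-4-113019: Group = BRANCH-RA, Username = jdoe, IP = 203.0.113.10, Session disconnected. Session Type: SSL, Duration: 1h:02m:03s, Bytes xmt: 1048576, Bytes rcv: 524288, Reason: User Requested
Mar 03 2010 09:20:00 asa1 : %ASA-5-111008: User 'admin' executed the 'show vpn-sessiondb' command.
Mar 03 2010 10:01:40 asa1 : %ASA-4-113019: Group = BRANCH-RA, Username = jdoe, IP = 203.0.113.44, Session disconnected. Session Type: SSL, Duration: 0h:10m:00s, Bytes xmt: 2000, Bytes rcv: 3000, Reason: Idle Timeout
Mar 04 2010 10:05:00 asa1 : %ASA-4-113019: Group = BRANCH-RA, Username = asmith, IP = 198.51.100.23, Session disconnected. Session Type: IPsec, Duration: 1d 0h:00m:30s, Bytes xmt: 10, Bytes rcv: 20, Reason: User Requested
Mar 04 2010 11:00:00 asa1 : %ASA-4-113019: Group = BRANCH-RA, Username = bkim, IP = 192.0.2.77, Session disconnected. Session Type: SSL, Duration: 0h:0
"""

SESSION_RE = re.compile(
    r"%ASA-4-113019: Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), "
    r"IP = (?P<ip>[^,]+), Session disconnected\. Session Type: (?P<type>[^,]+), "
    r"Duration: (?:(?P<d>\d+)d )?(?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s, "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.*)$"
)

def parse_sessions(text):
    """Return (sessions, unparsed): one dict per disconnect record, plus any
    113019 lines that did not match the expected layout (e.g. truncated)."""
    sessions, unparsed = [], []
    for line in text.splitlines():
        if "-113019:" not in line:
            continue  # unrelated syslog message
        m = SESSION_RE.search(line)
        if not m:
            unparsed.append(line)  # keep for review instead of silently dropping
            continue
        secs = (int(m["d"] or 0) * 86400 + int(m["h"]) * 3600
                + int(m["m"]) * 60 + int(m["s"]))
        sessions.append({"user": m["user"], "group": m["group"], "ip": m["ip"],
                         "type": m["type"], "seconds": secs, "tx": int(m["xmt"]),
                         "rx": int(m["rcv"]), "reason": m["reason"].strip()})
    return sessions, unparsed

def per_user(sessions):
    """Total session count, duration and bytes per username."""
    totals = defaultdict(lambda: {"sessions": 0, "seconds": 0, "tx": 0, "rx": 0, "ips": set()})
    for s in sessions:
        t = totals[s["user"]]
        t["sessions"] += 1
        for key in ("seconds", "tx", "rx"):
            t[key] += s[key]
        t["ips"].add(s["ip"])
    return dict(totals)

if __name__ == "__main__":
    found, bad = parse_sessions(SAMPLE_LOG)
    for user, t in sorted(per_user(found).items()):
        print(user, t["sessions"], t["seconds"], t["tx"], t["rx"], sorted(t["ips"]))
    print("unparsed 113019 lines:", len(bad))
```
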

I'll try to attach again - it croaked last time.

So just to be clear, our ~90% solution includes NMIS <http://nmis.co.nz/drupal/> to provide the system uptime and alerting, while Cacti <http://www.cacti.net/> provides metrics on active tunnels, throughput etc.

Attachments are NMIS_Ping_Response, Cacti_24hr_Active_Tunnels and Cacti_30days_Active_Tunnels.

Hi,

Do you have the same for SSL VPN?

I want to have graphs for SSL VPN on my ASA but Performance Monitor doesn't support it and I can't find anything on the internet to do it with Cacti or anything else...

I use NetFlow. If I want graphs for SSL VPN I need to identify the IP address of the endpoint first and then I can get good graphs etc. This isn't the best solution, as most endpoints for SSL VPN change periodically. Custom SNMP pollers don't work well, as the VPN session changes between connections and you can't easily track sessions because the SNMP MIB keeps changing.

I have to say we do not use SSL. Only IPSec. But I am looking for OID and how to configure Cacti for SSL as well. I will post / let you know what I find.

Nobody has found anything for SSL Statistics on Cacti?? I'm trying to do it myself but I'm not getting any results...

Finally I've done it myself on Cacti:

http://forums.cacti.net/viewtopic.php?p=174500#174500

Hope it will work for you :)!

Thanks, I am going to try it on for size. Good work.
