08-26-2007 11:17 PM - edited 02-21-2020 01:39 AM
A certain customer has a main office and several branch offices connected through VPN .
He needs a solution that will allow him to monitor VPN sessions, and specific info ( ex: number of sessions, source of session ,date ,duration, bandwidth used ,ect,.,,,,)
Does Cisco provide such a solution .
a solution that is preferred with graphical interface
Please , your fast response is appreciated
Solved! Go to Solution.
09-08-2008 09:34 AM
I have ASAs that I monitor using the ASDM (v. 6.02) Under monitoring, VPN statistics, Sessions you can filter by Remote Access, Site-to-Site, clientless SSL, SSL client or email proxy. Under Site-to-Site there are stats for connection/IP address, protocol/encryption, login time/duration and Bytes TX/RX
09-10-2008 05:21 PM
The bad thing about asdm is no historical reports or alerting.
12-23-2008 06:39 PM
I see what you mean but everytime the connection is re-negotiated the stats clear. Is there a way gather real history?
12-24-2008 06:25 AM
Well, Cacti <http://www.cacti.net/> provides a close to 90% solution. It provides metrics but I don't think it will report. We also use NMIS and it will send alerts for outages. This is the best I've been able to come up with.
12-24-2008 06:34 AM
I just implemented Netflow with SolarWinds and I can now get the statistics I need by filtering on the tunneled destination address's.
12-24-2008 01:43 PM
I would like to see vpn's configured as a virtual interface just like a vlan.
This way I can just add the virtual interface to my monitoring soultion and monitor it just like the rest of the interfaces.
Santa can you bring me that for christmas?
12-25-2008 08:32 PM
Eric,
If it was that piece of cake, every one would have already done that :)..
Kevin,
About cacti, would it be possible for you to share some snaps, because may be your 90% solution could be more useful for some one else.
Chris,
i believe net flow is only for routers/switches. Did u configure it for firewall/concentrator? Haven't heard about that in my exp, can you share something useful?
I guess, everyone here needs this sort of solution, so we must raise the bar to Cisco, may be on idea forum, or some other platform, that they should work on these particular features, Monitoring the VPN tunnels, their historical bandwidth and session reporting, and above all, flow analysis of traffic passing through the tunnels.
regards,
Mohsin
12-26-2008 06:08 AM
Because all traffic within the network I am working with has to go through my core to traverse the vpn link, by implementing netflow on the core I get stats on any source/destination traffic that uses the tunnels I support. (there are more than one)
I'm using SolarWinds Orion to poll for netflow stats and query history.
Also, in a pinch, with a little ASA log analysis I can pick up stats on individual user vpn sessions as well.
12-26-2008 07:38 AM
I'll try to attach again - it croaked last time.
So just to be clear, our ~90% solution includes NMIS <http://nmis.co.nz/drupal/> to provide the system uptime and alerting, while Cacti <http://www.cacti.net/> provides metrics on active tunnels, throughput etc.
Attachments are NMIS_Ping_Response, Cacti_24hr_Active_Tunnels and Cacti_30days_Active_Tunnels.
05-26-2009 07:33 AM
Hi,
Do you have the same for SSL VPN?
I want to have graphs for SSL VPN on my ASA but Performance Monitor doesn't support it and I can't find anything on the internet to do it with Cacti or anything else...
05-26-2009 07:43 AM
I use Netflow. If I want graphs for ssl vpn I need to identify the ip address of the endpoint fisrt and then I can get good graphs etc. This isnt the best solution as most endpoint for ssl vpn change periodically. Custom snmp pollers dont work well as the vpn session changes between connections and you cant easily track sessiond because the snmp mib keeps changing.
05-26-2009 11:17 AM
I have to say we do not use SSL. Only IPSec. But I am looking for OID and how to configure Cacti for SSL as well. I will post / let you know what I find.
10-01-2009 01:08 AM
Nobody has found anything for SSL Statistics on Cacti?? I'm trying to do it myself but I'm not getting any results...
10-05-2009 01:56 AM
Finally I've done it myself on Cacti:
http://forums.cacti.net/viewtopic.php?p=174500#174500
Hope it will work for you :)!
10-05-2009 07:11 AM
Thanks, I am going to try it on for size. Good work,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide