Monitoring ASA VPN sessions using groups

lastina38 · ‎02-14-2012

Hello,

I was wondering if it was possible to monitor ASA VPN sessions (IPsec and SSL)

according to tunnel groups !

We are currently using Cacti (which uses snmp) in order to monitor our ASA 5520 (see the attached graph).

The goal is to graph sessions in Cacti according to connection profiles or group-policy.

This way we could have specific statistics for each "group of users".

I already researched and tested some Cisco OID using :

sh snmp-server oidlist ...

and then linux commands to obtain the values.

But I still didn't find a way to do it.

Thanks,

M.

vpnttg001 · ‎06-24-2013

Hi,

Check out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN tunnel over time in graphical form.

Advantage of VPNTTG over other SNMP based monitoring software's is following: Other (commonly used) software's are working with static OID numbers, i.e. whenever tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data, gathered on the connection, is lost each time. However, VPNTTG works with VPN peer's IP address and it stores for each VPN tunnel historical monitoring data into the Database.

For more information about VPNTTG please visit www.vpnttg.com