Monitoring IPSec Tunnel Bandwidth Utilization

hbremer
Level 1

We have a Cisco ASA 5520 supporting multiple VPNs - both remote-access and Lan-to-Lan. We would like to monitor the bandwidth utilization of the IPSec Lan-to-Lan tunnels. How can we do that?

Thanks,

Spr

4 Replies

Lee Valentin
Level 1

The ASDM doesn't give you that visibility. You can try a number of things:

  • create a capture on the firewall and export to Wireshark and use their graphing capabilities to determine utilization
  • enable netflow on the firewall and export to a netflow collector and use the collector's reporting
  • any combination of the above using a probe or mirroring (SPAN) the traffic
  • Use an appliance like Cymtec Scout or a Sonicwall with the latest software version

The lowest cost, least intrusive solution that I can think of is to SPAN the port that the firewall is connected to, connect a laptop with Sniffer Pro installed, monitor and collect stats that way.

Good luck

Fabio Francisco
Level 1

Hey Spr,

Have a look at Cacti: http://www.cacti.net/

You will be able to do an SNMP walk, collect the OIDs of all your interfaces, and monitor them with Cacti.

This will help you http://forums.cacti.net/about12873.html

Cheers,

Fabio

But this assumes you are using tunnel interfaces (I stand corrected). What are my options if I'm working with regular L2L tunnels on an ASA?

vpnttg001
Level 1

Hi Spr,

Check out VPNTTG (VPN Tunnel Traffic Grapher), software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN tunnel over time in graphical form.

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and stores historical monitoring data for each VPN tunnel in the database.

For more information about VPNTTG please visit www.vpnttg.com
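The reply above describes keying tunnel statistics by peer IP address instead of by the SNMP index that changes on every reconnect. The following sketch of that idea is an added example, not part of the original thread and not VPNTTG's code. It assumes each poll yields rows of tunnel index, peer address and 32-bit in/out octet counters that start from zero for a new tunnel; the field names and sample values are constructed.

```python
from collections import defaultdict

COUNTER32 = 2**32  # assumption: octet counters are SNMP Counter32 values

# Constructed sample polls, taken 60 seconds apart.
POLL_1 = [
    {"index": 5, "peer": "203.0.113.10", "in": 1_000_000, "out": 2_000_000},
    {"index": 6, "peer": "198.51.100.7", "in": 4_294_000_000, "out": 500},
]
POLL_2 = [
    # Peer 203.0.113.10 reconnected: new index 9, counters restarted.
    {"index": 9, "peer": "203.0.113.10", "in": 300_000, "out": 600_000},
    # Peer 198.51.100.7 kept index 6, but its inbound counter wrapped.
    {"index": 6, "peer": "198.51.100.7", "in": 532_704, "out": 1_250},
]

def index_rows(rows):
    """Map (peer_ip, tunnel_index) -> (in_octets, out_octets) for one poll."""
    return {(r["peer"], r["index"]): (r["in"], r["out"]) for r in rows}

def delta(prev, curr):
    """Octets moved between two polls of the same index, allowing one wrap."""
    return curr - prev if curr >= prev else curr + COUNTER32 - prev

def peer_rates(prev_rows, curr_rows, interval_s):
    """Return {peer_ip: (in_bps, out_bps)} between two polls."""
    prev, curr = index_rows(prev_rows), index_rows(curr_rows)
    totals = defaultdict(lambda: [0, 0])
    for (peer, idx), (cin, cout) in curr.items():
        if (peer, idx) in prev:
            # Same index: a lower value means the counter wrapped.
            pin, pout = prev[(peer, idx)]
            din, dout = delta(pin, cin), delta(pout, cout)
        else:
            # New index: tunnel was (re)established, so the counter
            # value itself is the traffic since it came up.
            din, dout = cin, cout
        # Sum per peer so history survives index changes.
        totals[peer][0] += din
        totals[peer][1] += dout
    return {p: (i * 8 / interval_s, o * 8 / interval_s)
            for p, (i, o) in totals.items()}

if __name__ == "__main__":
    for peer, (rx, tx) in peer_rates(POLL_1, POLL_2, 60).items():
        print(f"{peer}: in {rx:.0f} bit/s, out {tx:.0f} bit/s")
```

Traffic sent between the last poll and a disconnect is not counted, so shorter polling intervals reduce the undercount after a reconnect.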
