New Member

Monitoring IPSec Tunnel Bandwidth Utilization

We have a Cisco ASA 5520 supporting multiple VPNs, both remote-access and LAN-to-LAN. We would like to monitor the bandwidth utilization of the IPSec LAN-to-LAN tunnels. How can we do that?



New Member

The ASDM doesn't give you that visibility. You can try a number of things:

  • Create a capture on the firewall, export it to Wireshark, and use its graphing capabilities to determine utilization
  • Enable NetFlow on the firewall, export to a NetFlow collector, and use the collector's reporting
  • Any combination of the above using a probe or mirroring (SPAN) the traffic
  • Use an appliance like Cymtec Scout or a SonicWall with the latest software version

The lowest cost, least intrusive solution that I can think of is to SPAN the port that the firewall is connected to, connect a laptop with Sniffer Pro installed, monitor and collect stats that way.

Good luck

New Member

Hey Spr,

Have a look at Cacti.

You will be able to do an SNMP walk, collect the OIDs of all your interfaces, and monitor them with Cacti.

This will help you.



New Member

Hi Spr,

Check out VPNTTG (VPN Tunnel Traffic Grapher). It is software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN tunnel over time in graphical form.

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and it stores historical monitoring data for each VPN tunnel in the database.

For more information about VPNTTG please visit
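The index problem described in the reply above, as an added example that is not part of the original thread and is not VPNTTG's code: it computes per-tunnel throughput from two SNMP polls keyed by peer IP, so a tunnel that reconnects under a new index keeps its history. The row layout, the 32-bit counter width, one tunnel row per peer, and all sample values are assumptions constructed for illustration.

```python
COUNTER32_MAX = 2**32  # assumption: the polled octet counters are 32-bit

# Constructed polls, 300 s apart: {tunnel_index: (peer_ip, in_octets, out_octets)}
POLL_T0 = {
    101: ("198.51.100.10", 4_000_000_000, 1_000_000),
    102: ("203.0.113.7", 500_000, 250_000),
}
POLL_T1 = {
    # same index, in_octets wrapped past 2**32 during the interval
    101: ("198.51.100.10", (4_000_000_000 + 375_000_000) % COUNTER32_MAX, 4_000_000),
    # peer reconnected: new index 205, counters restarted from zero
    205: ("203.0.113.7", 90_000, 30_000),
}


def by_peer(poll):
    """Re-key a poll by peer IP, keeping the index to detect reconnects."""
    return {peer: (idx, rx, tx) for idx, (peer, rx, tx) in poll.items()}


def octet_delta(prev, cur, same_tunnel):
    """Octets transferred between two samples of one counter."""
    if not same_tunnel:
        return cur  # new tunnel instance: count only what it has carried so far
    if cur < prev:
        return cur + COUNTER32_MAX - prev  # counter wrapped once
    return cur - prev


def peer_rates(poll_prev, poll_cur, interval_s):
    """Return {peer_ip: (rx_bps, tx_bps)} for every peer in the current poll."""
    prev, cur = by_peer(poll_prev), by_peer(poll_cur)
    rates = {}
    for peer, (idx, rx, tx) in cur.items():
        p_idx, p_rx, p_tx = prev.get(peer, (None, 0, 0))
        same = idx == p_idx
        rates[peer] = (
            octet_delta(p_rx, rx, same) * 8 / interval_s,
            octet_delta(p_tx, tx, same) * 8 / interval_s,
        )
    return rates


if __name__ == "__main__":
    for peer, (rx, tx) in peer_rates(POLL_T0, POLL_T1, 300).items():
        print(f"{peer}: rx {rx:.0f} bit/s, tx {tx:.0f} bit/s")
```

A poller keyed on the tunnel index would find no earlier sample for index 205 and start a new, empty series for the reconnected peer.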
