Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN tunnel monitoring

Hi all,

I just wondering if there is anyone doing the same way as what we are looking for.

we have 4 offices mass connected with VPN tunnels through internet boradband (i.e. 6 VPN tunnels). I am looking for a monitoring tools to monitor the bandwidth of different tunnels (only vpn tunnel not including normal internet traffic).

any suggection is appreciate.

Donald

7 REPLIES
New Member

Re: VPN tunnel monitoring

Hello,

I am also looking for the same....

Someone please advice.

Chow

New Member

Re: VPN tunnel monitoring

We have a similiar scenario, but much bigger, we have 121 branches worldwide and each has a VPN connection (based on Internet)to head office in Canada.

If you use IPSec+GRE mode to build your VPN connections, that's very easy, just run a MRTG, PRTG, Cricket to monitor each of your VPN connection and respective traffic based on tunnel interfaces.

If you just use IPSec based on Cisco routing platform to build your VPN connections, you can try NetFlow tools,like NetFlow Tracker, NetFlow Analyzer,FlowScan,CFlowd to monitor your VPN traffic based on IPSec protocols' characters, like IP Protocol 50,51 or UDP port 500.

Thanks,

Jerry

New Member

Re: VPN tunnel monitoring

Thank you for your reply.....

Can you get me the link for Cricket... tool

and your recommendation to select a tool for IPSEC based VPN Connection ....

You mentioned so many ( Netflow tracker .... Netflow Analyser..... etc )

New Member

Re: VPN tunnel monitoring

1:Cricket URL is following:

http://cricket.sourceforge.net/

2:If your scenairo is just only running IPSec over Internet, no GRE tunnels deployed, you have to use a Netflow tool to monitor your VPN traffic, you can choose Netflow tracker or Netflow Analyzer to do this job, they both have a trail version to let you evaluate.

Netflow tracker's URL is following:

http://www.crannog-software.com/index.php?go=Product.ShowDetail&ProductID=1

Netflow Analyzer's URL is following:

http://manageengine.adventnet.com/products/netflow/index.html

hope those information can help you.

Jerry

New Member

Re: VPN tunnel monitoring

Hi Jerry,

Thanks for the information, however I am using PIX to build the VPN tunnel, it sounds like PIX not support netflow, any advice?

Regards,

Donald

New Member

Re: VPN tunnel monitoring

cant you trigger off of the following traps if you use an IPSEC GRE tunnel?

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

New Member

Re: VPN tunnel monitoring

Check

http://www.vpnttg.com/

Advantage   of VPNTTG over other SNMP based monitoring software’s is  following:   Other (commonly used) software’s are working with static OID  numbers,   i.e. whenever tunnel disconnects and reconnects, it gets  assigned a  new  OID number. This means that the historical data, gathered  on the   connection, is lost each time. However, VPNTTG works with VPN  peer’s  IP  address and it stores for each VPN tunnel historical  monitoring  data  into the SQL server and into the RRD (Round Robin  Database) file.

HTH

2084
Views
0
Helpful
7
Replies