Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN3000 Accounting tunnel traffic

I have a question about accounting data traffic through site-to-site tunnel.

I need traffic data (how many bytes are sent and received through vpn tunnel to different customer sites).

Tunnels are authenticate with preshared keys. But I dont know, how I can get traffic data after the tunnel is disconnected.

I tried syslog with Event list "ALL/ (Sev1-13)", but I cant find traffic data, only connect time.

Who can help me?

Many thanks, Frank Pusch

New Member

Re: VPN3000 Accounting tunnel traffic

I've been troubleshooting a VPN concentrator connection lately. Maybe the following would help:

55245 03/09/2006 09:57:45.290 SEV=4 AUTH/28 RPT=832

User [user01] Group [Group-xxxxxx] disconnected:

Session Type: IPSec/NAT-T

Duration: 16:06:07

Bytes xmt: 1677288

Bytes rcv: 1644776

Reason: User Requested

Enable the AUTH Event Class and have the Sev 4 (and lower) sent to your syslog server. This event explains the type of IPSec connection, amount of data, and the reason for disconnection.

Hope this helps.


New Member

Re: VPN3000 Accounting tunnel traffic

Hi Mike,

Many thanks, but it doesnt work on my VPN concentrator.

Only user login (client to LAN) logs during logout the following line:

Mar 13 15:52:02 kpbcisco010 852868 03/13/2006 15:52:02.410 SEV=4 AUTH/28 RPT=2 User [Domain\user1] Group [] disconnected: Session Type: PPTP Duration: 0:00:39 Bytes xmt: 14608 Bytes rcv: 20123 Reason: User Requested

But LAN-to-LAN connections logs only:

Mar 13 15:54:09 kpbcisco010 852942 03/13/2006 15:54:09.650 SEV=4 AUTH/23 RPT=4222 User [] Group [] disconnected: duration: 1:21:48

Mar 13 15:54:09 kpbcisco010 852943 03/13/2006 15:54:09.650 SEV=4 AUTH/85 RPT=4123 LAN-to-LAN tunnel to headend device disconnected: duration: 1:21:48

Mar 13 15:54:10 kpbcisco010 852949 03/13/2006 15:54:10.220 SEV=4 AUTH/22 RPT=8459 User [] Group [] connected, Session Type: IPSec/LAN-to-LAN

Mar 13 15:54:10 kpbcisco010 852951 03/13/2006 15:54:10.220 SEV=4 AUTH/84 RPT=6897 LAN-to-LAN tunnel to headend device connected

There is no AUTH/28 event or other event with Bytes-data regarding LAN-to-LAN connections.

Do you have an additional hint or me?

Kind regards,

Frank Pusch

CreatePlease login to create content