Cisco Support Community
New Member

VPN3000 Accounting tunnel traffic

I have a question about accounting for data traffic through a site-to-site tunnel.

I need traffic data (how many bytes are sent and received through the VPN tunnel to different customer sites).

Tunnels are authenticated with preshared keys, but I don't know how I can get traffic data after the tunnel is disconnected.

I tried syslog with Event list "ALL/ (Sev1-13)", but I can't find traffic data, only connect time.

Who can help me?

Many thanks, Frank Pusch

2 REPLIES
New Member

Re: VPN3000 Accounting tunnel traffic

I've been troubleshooting a VPN concentrator connection lately. Maybe the following would help:

55245 03/09/2006 09:57:45.290 SEV=4 AUTH/28 RPT=832 1.1.1.1

User [user01] Group [Group-xxxxxx] disconnected:

Session Type: IPSec/NAT-T

Duration: 16:06:07

Bytes xmt: 1677288

Bytes rcv: 1644776

Reason: User Requested

Enable the AUTH Event Class and have the Sev 4 (and lower) sent to your syslog server. This event explains the type of IPSec connection, amount of data, and the reason for disconnection.

Hope this helps.

Mike

New Member

Re: VPN3000 Accounting tunnel traffic

Hi Mike,

Many thanks, but it doesn't work on my VPN concentrator.

Only a user login (client to LAN) logs the following line during logout:

Mar 13 15:52:02 kpbcisco010 852868 03/13/2006 15:52:02.410 SEV=4 AUTH/28 RPT=2 212.224.53.21 User [Domain\user1] Group [] disconnected: Session Type: PPTP Duration: 0:00:39 Bytes xmt: 14608 Bytes rcv: 20123 Reason: User Requested

But LAN-to-LAN connections log only:

Mar 13 15:54:09 kpbcisco010 852942 03/13/2006 15:54:09.650 SEV=4 AUTH/23 RPT=4222 3.3.3.3 User [3.3.3.3] Group [3.3.3.3] disconnected: duration: 1:21:48

Mar 13 15:54:09 kpbcisco010 852943 03/13/2006 15:54:09.650 SEV=4 AUTH/85 RPT=4123 LAN-to-LAN tunnel to headend device 3.3.3.3 disconnected: duration: 1:21:48

Mar 13 15:54:10 kpbcisco010 852949 03/13/2006 15:54:10.220 SEV=4 AUTH/22 RPT=8459 User [3.3.3.3] Group [3.3.3.3] connected, Session Type: IPSec/LAN-to-LAN

Mar 13 15:54:10 kpbcisco010 852951 03/13/2006 15:54:10.220 SEV=4 AUTH/84 RPT=6897 LAN-to-LAN tunnel to headend device 3.3.3.3 connected

There is no AUTH/28 event or other event with Bytes-data regarding LAN-to-LAN connections.

Do you have an additional hint for me?

Kind regards,

Frank Pusch
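
An added example, not part of any post in this thread: a Python parser for the single-line syslog form shown in the second reply. It totals bytes from disconnect events that report them and lists the disconnects that carry no byte counters. The sample lines are copied from the thread; the function and field names are this example's own, and the multi-line form in the first reply would need to be joined into one line first.

```python
import re
from collections import defaultdict

# Sample lines copied from the posts above (single-line syslog form).
SAMPLE = [
    r"Mar 13 15:52:02 kpbcisco010 852868 03/13/2006 15:52:02.410 SEV=4 AUTH/28 RPT=2 212.224.53.21 User [Domain\user1] Group [] disconnected: Session Type: PPTP Duration: 0:00:39 Bytes xmt: 14608 Bytes rcv: 20123 Reason: User Requested",
    "Mar 13 15:54:09 kpbcisco010 852942 03/13/2006 15:54:09.650 SEV=4 AUTH/23 RPT=4222 3.3.3.3 User [3.3.3.3] Group [3.3.3.3] disconnected: duration: 1:21:48",
    "Mar 13 15:54:09 kpbcisco010 852943 03/13/2006 15:54:09.650 SEV=4 AUTH/85 RPT=4123 LAN-to-LAN tunnel to headend device 3.3.3.3 disconnected: duration: 1:21:48",
    "Mar 13 15:54:10 kpbcisco010 852949 03/13/2006 15:54:10.220 SEV=4 AUTH/22 RPT=8459 User [3.3.3.3] Group [3.3.3.3] connected, Session Type: IPSec/LAN-to-LAN",
]

HEADER = re.compile(r"SEV=(?P<sev>\d+) (?P<event>[A-Z0-9]+/\d+) RPT=\d+ ?(?P<body>.*)$")
USER = re.compile(r"User \[(?P<user>[^\]]*)\] Group \[(?P<group>[^\]]*)\]")
BYTES = re.compile(r"Bytes xmt: (?P<xmt>\d+) Bytes rcv: (?P<rcv>\d+)")
DURATION = re.compile(r"[Dd]uration: (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d)")

def parse(line):
    """Return a dict for one concentrator event, or None if the line is not one."""
    head = HEADER.search(line)
    if not head:
        return None
    body = head["body"]
    rec = {"event": head["event"], "disconnect": "disconnected:" in body,
           "user": None, "xmt": None, "rcv": None, "seconds": None}
    if (u := USER.search(body)):
        rec["user"] = u["user"]
    if (b := BYTES.search(body)):
        rec["xmt"], rec["rcv"] = int(b["xmt"]), int(b["rcv"])
    if (d := DURATION.search(body)):
        rec["seconds"] = int(d["h"]) * 3600 + int(d["m"]) * 60 + int(d["s"])
    return rec

def account(lines):
    """Sum bytes per user; list disconnect events that carry no byte counters."""
    totals, uncounted = defaultdict(lambda: [0, 0]), []
    for rec in filter(None, map(parse, lines)):
        if not rec["disconnect"]:
            continue
        if rec["xmt"] is None:
            uncounted.append((rec["event"], rec["user"], rec["seconds"]))
        else:
            totals[rec["user"]][0] += rec["xmt"]
            totals[rec["user"]][1] += rec["rcv"]
    return dict(totals), uncounted

if __name__ == "__main__":
    print(account(SAMPLE))
```

On the thread's samples, the `uncounted` list is exactly the LAN-to-LAN disconnects (AUTH/23 and AUTH/85), which makes the accounting gap visible per event rather than silently reporting zero bytes.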
