Cisco Support Community

IPSEC VPN Bandwidth


Site-to-Site IPsec tunnel between Cisco Security Appliances (ASA/PIX) and a Cisco IOS Router.

How do I identify how much bandwidth is consumed on this VPN link?

ASA#show crypto isakmp sa
ASA#show crypto ipsec sa

The above commands don't help.

Any input?




Re: IPSEC VPN Bandwidth

There isn’t much support for per tunnel bandwidth statistics on the ASA. 

I would rely on NetFlow on the IOS router. Export your NetFlow statistics to a NetFlow collector and pull reports based on the router's public interface, focused on IPsec traffic destined to the ASA's public IP address.

Here’s an open source netflow collector

If you have some money to invest, I recommend Statseeker because it scales very well for bandwidth monitoring and has a built-in NetFlow collector.

Christopher Gatlin
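
The report described in this answer, as an added example that is not part of the original post: a Python sketch that takes flow records already decoded by a collector, keeps only the IPsec traffic (ESP, plus IKE and NAT-T over UDP) between the router's and the ASA's public addresses, and turns the byte counts into bits per second per interval. The record field names, the IP addresses and the sample flows are constructed assumptions; the figures include ESP overhead because the flows are seen on the encrypted side.

```python
from collections import defaultdict

ESP, UDP = 50, 17                 # IP protocol numbers
IPSEC_UDP_PORTS = {500, 4500}     # IKE and NAT-T (ESP carried inside UDP)

def is_ipsec(flow):
    """True for ESP, or for UDP to/from the IKE and NAT-T ports."""
    if flow["proto"] == ESP:
        return True
    return flow["proto"] == UDP and (
        flow["sport"] in IPSEC_UDP_PORTS or flow["dport"] in IPSEC_UDP_PORTS)

def tunnel_bandwidth(flows, router_ip, asa_ip, bucket=300):
    """Return {bucket_start: {"tx_bps", "rx_bps"}} as seen from the router."""
    octets = defaultdict(lambda: {"tx": 0, "rx": 0})
    for f in flows:
        if not is_ipsec(f):
            continue
        if (f["src"], f["dst"]) == (router_ip, asa_ip):
            direction = "tx"
        elif (f["src"], f["dst"]) == (asa_ip, router_ip):
            direction = "rx"
        else:
            continue              # IPsec to some other peer, not this tunnel
        # Attribute the bytes to the interval in which the flow ended.
        start = f["end"] - f["end"] % bucket
        octets[start][direction] += f["bytes"]
    return {t: {"tx_bps": c["tx"] * 8 / bucket, "rx_bps": c["rx"] * 8 / bucket}
            for t, c in sorted(octets.items())}

# Constructed sample records ("end" is seconds since the start of the capture).
ROUTER, ASA = "198.51.100.1", "203.0.113.10"
SAMPLE_FLOWS = [
    {"src": ROUTER, "dst": ASA, "proto": 50, "sport": 0, "dport": 0, "bytes": 37_500_000, "end": 120},
    {"src": ASA, "dst": ROUTER, "proto": 50, "sport": 0, "dport": 0, "bytes": 7_500_000, "end": 200},
    {"src": ROUTER, "dst": ASA, "proto": 17, "sport": 500, "dport": 500, "bytes": 1_500, "end": 250},
    {"src": ROUTER, "dst": "192.0.2.77", "proto": 6, "sport": 51000, "dport": 443, "bytes": 9_000_000, "end": 260},
    {"src": ASA, "dst": ROUTER, "proto": 17, "sport": 4500, "dport": 4500, "bytes": 3_750_000, "end": 450},
]

if __name__ == "__main__":
    for t, r in tunnel_bandwidth(SAMPLE_FLOWS, ROUTER, ASA).items():
        print(f"{t:>5}s  tx {r['tx_bps'] / 1e6:.3f} Mbit/s  rx {r['rx_bps'] / 1e6:.3f} Mbit/s")
```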


Re: IPSEC VPN Bandwidth

NetFlow should help. You can either monitor the tunnel termination interface on the IOS router if it supports NetFlow export or the ASA device itself if it has IOS 8.2 or higher using NetFlow.

If you can let me know the router model or the version on the ASA, I can find out if it supports NetFlow and assist you with the related NetFlow configuration. NetFlow Analyzer from ManageEngine has a free edition which lets you monitor 2 interfaces with no feature limitation on NetFlow reporting.

Don Thomas Jacob
ManageEngine  NetFlow Analyzer

Regards, Don Thomas Jacob Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.

Re: IPSEC VPN Bandwidth


The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and it stores historical monitoring data for each VPN tunnel in the SQL server and in the RRD (Round Robin Database) file.