Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6236
Views
5
Helpful
5
Replies

Monitor Anyconnect VPN Tunnel Traffic

gtvit
Level 1
Level 1

‎03-17-2020 07:52 AM

Hello, 


We are currently using a ASA5545X with an anyconnect VPN using split tunneling.  With most of our users working from home, i wanted to monitor our anyconnect vpn tunnel to check the speed and ensure there's enough bandwidth so users aren't experiencing slowness.  Is there a way to do this?  We use a monitoring tool called PRTG but it doesn't look like it has a feature to monitor the tunnel.  

 

Thanks

Labels:
0 Helpful
5 Replies 5

Cristian Matei
VIP Alumni
VIP Alumni

‎03-17-2020 08:30 AM - edited ‎03-17-2020 08:33 AM

Hi,

 

   You don't care about each individual tunnel, do you? Per your request, you care about the overall/total BW on the Internet facing interface, correct? If there is more traffic than what you get from your ISP, you know there is a problem.

   However, if you really want to see VPN traffic, make use of NetFlow:

https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/guide/asa_netflow.html#pgfId-1330480

   Another option would be to use SNMP, accessing the following MIBs: CISCO-IPSEC-FLOW-MONITOR-MIB and CISCO-REMOTE-ACCESS-MONITOR-MIB    

 

Regards,

Cristian Matei.

Deniz Y
Level 1
Level 1
In response to Cristian Matei

‎03-27-2020 03:26 AM

Hi,

 

I have a similar question. I wonder how to monitor and derive the statistics of VPN usage. More exactly, how can i get the statistics of the traffic that is going through the VPN tunnel. This is for a customer that has restrictions on what their clients are allowed to use the VPN for. So it is mainly to avoid clients using unnecessary bandwidth. 

 

Regards,

 

Deniz

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-17-2020 08:30 AM

You can Monitor external Link connected to ASA towards Internet see the availbaliyt compare to base line config.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

vpnttg001
Level 1
Level 1

‎09-04-2022 05:56 AM

Hi,

Check http://www.vpnttg.com/

Advantage  of VPNTTG over other SNMP based monitoring software’s is  following:  Other (commonly used) software’s are working with static OID  numbers,  i.e. whenever tunnel disconnects and reconnects, it gets  assigned a new  OID number. This means that the historical data, gathered  on the  connection, is lost each time. However, VPNTTG works with VPN  peer’s IP  address and it stores for each VPN tunnel historical  monitoring data  into the SQL server and into the RRD (Round Robin  Database) file.

HTH

0 Helpful

Georg Pauwen
VIP
VIP
In response to vpnttg001

‎09-04-2022 11:45 PM

Nice tool !

0 Helpful
Customers Also Viewed These Support Documents