Solved: Re: ASA Question

keven.jones · ‎12-24-2010

Hello

On ASA 5540 we are terminating 6 IPSEC tunnels and Remote Access VPN. How do I identify which Tunnel is eating more bandwidth.

Remote Access users mostly connected after working hours, so those are not my concern for now.

ISP---------Internet-Router----------ASA----------L3_Switch

Total Internet Bandwidth we got is 10MB, MRTG from ISP indicates 70% utilized.

Are there any ways to find how much each IPSEC Tunnel is consuming Bandwidth & how much each Remote Access VPN session is consuming.

Cheers

Keven

manasjai · ‎12-24-2010

you can use solarwind netflow analyser!!

Also, ASA 8.2.1 has an interface bug with netflow. It would be good it you use software version 8.2.2

Thanks,

Manasi!!

manasjai · ‎12-24-2010

Hey Keven,

You might wana use Netflow to identify bandwidth used by the IPSEC tunnel.

Netflow is supported on ASA version 8.2.1 onwards.

Following is the document to configure netflow on the ASA,

In the above document, you can modify the access-list global_mpc as per tour requirement. (for ipsec tunnels)

Hope this helps!

Cheers,

Manasi

keven.jones · ‎12-24-2010

Manasi,

Any recommended Netflow collector tool for ASA.

cheers

Keven

manasjai · ‎12-24-2010

you can use solarwind netflow analyser!!

Also, ASA 8.2.1 has an interface bug with netflow. It would be good it you use software version 8.2.2

Thanks,

Manasi!!

keven.jones · ‎12-25-2010

Thanks Manasi, will check this out.

cheers

Keven