Were running an ASA5510 with multiple IPSEC VPN clients over a 100Mb leased line. At the moment we have about 10 active clients however we are looking at gearing up to about 100 clients.
Question is, is there a known method for calculating the required bandwidth for this number of clients or indeed obtaining metrics from already connected clients to help with this calculation.
We have tried a few monitoring products, most notably Solarwinds, however none of the products we have tried seems to be able to give us the throughput of the individual VPN connections to assist with our calcs....
I don't think you'll find any formula to calculate this unless all of the VPN clients run the same applications and send the same traffic profile through the ASA.
You could try using NetFlow monitoring on the ASA:
The ASA will report statistics on a per-connection (i.e. source IP/port and destination IP/port) basis, but the NetFlow collector software you use will likely be able to aggregate this on a per-client basis.
Check out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN tunnel over time in graphical form.
Advantage of VPNTTG over other SNMP based monitoring software's is following: Other (commonly used) software's are working with static OID numbers, i.e. whenever tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data, gathered on the connection, is lost each time. However, VPNTTG works with VPN peer's IP address and it stores for each VPN tunnel historical monitoring data into the Database.
For more information about VPNTTG please visit www.vpnttg.com