Bandwidth Utilization of STS VPN (L2L)

Murugank
Level 1

We have an ASA 5585 with 7 STS VPNs and user AnyConnect VPN configured on the same ASA. We are expecting a larger amount of traffic to pass through one of the STS VPN tunnels. We suspect high bandwidth utilization on that tunnel.


ISP bandwidth - 1Gbps


Is there any way to check the bandwidth of STS VPN tunnel?

Is there any restriction on bandwidth tunnel?

How to monitor the tunnel bandwidth? Is there any tool from Cisco?


3 Replies

Marvin Rhoads
Hall of Fame

You can see the status from the CLI or ASDM of course, but that will just be a point in time.

More often we monitor site to site VPN tunnel status and utilization using SNMP and a management system/tool like SolarWinds NPM or PRTG. Cisco's network management tool (Prime Infrastructure) really doesn't do a decent job in this area. If you migrate to cloud management and use Cisco Defense Orchestrator (CDO) it does a good job monitoring both site to site and remote access VPNs.

Bandwidth restrictions can be put in place using QoS but 99% of customers find that to be more trouble than it's worth. For what it's worth, here's the configuration guide section explaining how:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/conns-qos.html#ID-2133-000002dd

How is the bandwidth utilization calculated on the STS VPN?
Is it based on the ISP bandwidth?
Is there no bandwidth restriction on the STS VPN until specific QoS is configured?

SNMP will simply tell us the amount of data for a given time period. Depending on the management system you may be able to separately tell it the bandwidth of your ISP connection.

For instance you may have a 1 Gbps physical link that's only provisioned for 500 Mbps. It's up to you to either manually configure that information into the management system (if you can) or interpret the data that comes back from a query to know that 499 Mbps (for example) of site-site data is cause for concern.

Without something like QoS, the only restriction on site-site VPN throughput per se is how fast the box can encrypt and decrypt the data presented to it. Of course you have TCP-level flow control mechanisms (like sliding window etc.) for connection-oriented traffic flows.
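The replies above describe how a management system turns SNMP byte counters into a tunnel throughput figure and why it still has to be told the provisioned bandwidth. The following is an added example, not code from the thread or from any Cisco tool, showing that arithmetic: it takes periodic polls of a cumulative octet counter (such as IF-MIB ifHCInOctets/ifHCOutOctets on the outside interface, or a per-tunnel octet counter from Cisco's IPsec flow-monitor MIB, which is assumed here rather than polled), computes the rate for each polling interval while correcting for a counter wrap, and judges the result against a provisioned figure rather than the physical link speed. The counter values and the 60-second polling interval are constructed for illustration.

```python
"""Tunnel throughput from polled SNMP octet counters (added example, not from the thread)."""
from dataclasses import dataclass
from typing import Dict, List

# Modulus of an SNMP Counter32 / Counter64 object: the value the counter wraps at.
COUNTER_MODULUS = {32: 2**32, 64: 2**64}


@dataclass(frozen=True)
class Sample:
    ts: float    # poll time, seconds since epoch
    octets: int  # cumulative octet counter as returned by the SNMP poll


def counter_delta(prev: int, cur: int, bits: int = 64) -> int:
    """Octets transferred between two polls, correcting for at most one counter wrap."""
    if cur >= prev:
        return cur - prev
    return (COUNTER_MODULUS[bits] - prev) + cur


def rate_mbps(prev: Sample, cur: Sample, bits: int = 64) -> float:
    """Average throughput in Mbps over the interval between two polls."""
    elapsed = cur.ts - prev.ts
    if elapsed <= 0:
        raise ValueError("samples must be in increasing time order")
    return counter_delta(prev.octets, cur.octets, bits) * 8 / elapsed / 1_000_000


def wrap_interval_seconds(mbps: float, bits: int = 32) -> float:
    """Seconds a counter of the given width takes to wrap at a steady rate.

    Useful for choosing a polling interval: if the interval is longer than
    this, a 32-bit counter can wrap more than once and the delta is wrong.
    """
    return COUNTER_MODULUS[bits] * 8 / (mbps * 1_000_000)


def assess(samples: List[Sample], provisioned_mbps: float,
           warn_pct: float = 80.0, bits: int = 64) -> List[Dict]:
    """Rate and utilization per polling interval, judged against provisioned bandwidth."""
    results = []
    for prev, cur in zip(samples, samples[1:]):
        mbps = rate_mbps(prev, cur, bits)
        pct = mbps / provisioned_mbps * 100
        if pct < warn_pct:
            status = "ok"
        elif pct < 100:
            status = "warn"
        else:
            status = "saturated"
        results.append({"ts": cur.ts, "mbps": round(mbps, 3),
                        "pct": round(pct, 1), "status": status})
    return results


LINK_MBPS = 1000         # physical link speed from the question
PROVISIONED_MBPS = 500   # provisioned rate in Marvin's example

# Constructed 64-bit counter samples, one poll every 60 s (not real data).
TUNNEL_SAMPLES = [
    Sample(0, 10_000_000_000),
    Sample(60, 13_750_000_000),   # +3.75 GB in 60 s -> 500 Mbps
    Sample(120, 14_500_000_000),  # +0.75 GB in 60 s -> 100 Mbps
    Sample(180, 17_650_000_000),  # +3.15 GB in 60 s -> 420 Mbps
]

if __name__ == "__main__":
    print("Judged against the provisioned 500 Mbps:")
    for row in assess(TUNNEL_SAMPLES, PROVISIONED_MBPS):
        print(row)
    print("Judged against the 1 Gbps physical link:")
    for row in assess(TUNNEL_SAMPLES, LINK_MBPS):
        print(row)
    print("32-bit counter wraps every %.1f s at 500 Mbps"
          % wrap_interval_seconds(PROVISIONED_MBPS))
```

The same 500 Mbps interval is "saturated" when judged against the provisioned rate and "ok" when judged against the 1 Gbps link, which is the point made above about having to feed the provisioned figure into the management system. The wrap calculation shows why 64-bit (HC) counters matter at these speeds: a 32-bit octet counter wraps in under 70 seconds at 500 Mbps, so a 60-second poll of a 32-bit counter is already on the edge of silently losing data.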