Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
754
Views
0
Helpful
4
Replies

Monitoring and Pinging ASA over VPN

ytlee80
Level 1
Level 1

‎05-18-2011 05:33 PM

I hope you guys will be able to help me on this. I have two ASA running 7.2(3) and 7.2(4) respectively, which is connected via site to site VPN. I have no problem getting the VPN to work. However I have been trying to setup monitoring of the VPN's utilization of the for siteB ASA from siteA without any success. Also can anyone share how to get ping and traceroute working from siteA to siteB, meaning traffic travel via the tunnel and get a ping and traceroute response from the inside and outside interface.

I have tried adding

icmp permit any any echo-reply inside

icmp permit any any echo-reply outside

and also permit icmp from outside to inside but not working

All help is appreciated.

Labels:
0 Helpful
4 Replies 4

Roman Rodichev
Level 7
Level 7

‎05-18-2011 05:35 PM

add "inspect icmp" and "inspect icmp error" to the policy-map

0 Helpful

Diego Armando Cambronero Arias
Level 3
Level 3

‎05-18-2011 07:30 PM

There is a command from the global config mode it start with management I do not remeber the whole command

Sent from Cisco Technical Support iPhone App

0 Helpful

ytlee80
Level 1
Level 1

‎05-19-2011 07:08 PM

Hi,

Thank you very much for your replies. i will test that out.

Do you guys have any luck monitoring utilization of vpn? I am not sure how to monitor individual vpn usage. If you guys have any recommendation of software , please let me know.

0 Helpful

vpnttg001
Level 1
Level 1
In response to ytlee80

‎06-24-2013 02:17 PM

Hi,

Check  out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP  monitoring and measuring the traffic load for IPsec  (Site-to-Site,  Remote Access) and SSL (With Client, Clientless) VPN  tunnels on a Cisco  ASA. It allows the user to see traffic load on a VPN  tunnel over time  in graphical form.

Advantage of VPNTTG over other SNMP based monitoring software's is   following: Other (commonly used) software's are working with static OID   numbers, i.e. whenever tunnel disconnects and reconnects, it gets   assigned a new OID number. This means that the historical data,  gathered  on the connection, is lost each time. However, VPNTTG works  with VPN  peer's IP address and it stores for each VPN tunnel  historical  monitoring data into the Database.

For more information about VPNTTG please visit www.vpnttg.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents