Monitoring IPSec Tunnel Bandwidth Utilization
09-09-2011 12:12 AM - edited 02-21-2020 05:34 PM
We have a Cisco ASA 5520 supporting multiple VPNs - both remote-access and Lan-to-Lan. We would like to monitor the bandwidth utilization of the IPSec Lan-to-Lan tunnels. How can we do that?
Thanks,
Spr
Labels: IPSEC

09-12-2011 10:55 AM
The ASDM doesn't give you that visibility. You can try a number of things:
- create a capture on the firewall and export to Wireshark and use their graphing capabilities to determine utilization
- enable netflow on the firewall and export to a netflow collector and use the collector's reporting
- any combination of the above using a probe or mirroring (SPAN) the traffic
- Use an appliance like Cymtec Scout or a Sonicwall with the latest software version
The lowest cost, least intrusive solution that I can think of is to SPAN the port that the firewall is connected to, connect a laptop with Sniffer Pro installed, monitor and collect stats that way.
Good luck
09-12-2011 04:42 PM
Hey Spr,
Have a look at cacti http://www.cacti.net/
You will be able to do an SNMP walk, collect the OIDs of all your interfaces and monitor them with Cacti.
This will help you http://forums.cacti.net/about12873.html
Cheers,
Fabio
01-31-2018 08:03 AM
But this assumes you are using tunnel interfaces (I stand corrected). What are my options if I'm working with regular L2L tunnels on an ASA?
06-24-2013 01:15 PM
Hi Spr,
Check out VPNTTG (VPN Tunnel Traffic Grapher). It is software for SNMP monitoring and measuring the traffic load of IPsec (Site-to-Site, Remote Access) and SSL (with client, clientless) VPN tunnels on a Cisco ASA. It allows the user to see the traffic load on a VPN tunnel over time in graphical form.
The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. VPNTTG, however, works with the VPN peer's IP address and stores historical monitoring data for each VPN tunnel in a database.
For more information about VPNTTG please visit www.vpnttg.com
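As an added example, not code from this thread, from Cacti or from VPNTTG: the rate computation a poller would run over two SNMP walks of the ASA's IPsec tunnel table, covering both the SNMP-walk approach suggested earlier and the point made above about tunnel indexes changing on reconnect. Rows are re-keyed by remote peer address so that a tunnel that drops and re-establishes (new table index, counters restarted from zero) keeps its history, and 32-bit counter wrap is handled. The poll data is constructed, and the column names (`cipSecTunRemoteAddr`, `cipSecTunInOctets`, `cipSecTunOutOctets`) are borrowed from CISCO-IPSEC-FLOW-MONITOR-MIB as an assumption; check them against the MIB actually supported by your ASA image before building a collector on them.

```python
"""Per-peer IPsec tunnel throughput from two SNMP polls of an ASA tunnel table.

Keying on the peer address instead of the SNMP table index preserves history
across tunnel re-establishment. All poll data below is constructed sample data;
the column names mirror CISCO-IPSEC-FLOW-MONITOR-MIB as an assumption.
"""
from dataclasses import dataclass

COUNTER32_MAX = 2 ** 32  # cipSecTun*Octets are Counter32 and wrap at 2^32


@dataclass(frozen=True)
class TunnelRow:
    index: int        # SNMP table index; changes when the tunnel re-establishes
    peer: str         # cipSecTunRemoteAddr (assumed column name)
    in_octets: int    # cipSecTunInOctets  (assumed column name)
    out_octets: int   # cipSecTunOutOctets (assumed column name)


def by_peer(rows):
    """Re-key one walk of the tunnel table by remote peer address."""
    table = {}
    for row in rows:
        if row.peer in table:
            # Two concurrent SAs to one peer need a (peer, index) key instead.
            raise ValueError(f"two active tunnels to {row.peer}")
        table[row.peer] = row
    return table


def octet_delta(old, new, same_sa):
    """Bytes transferred between two samples of a Counter32.

    If the tunnel re-established (index changed), the new SA's counter started
    at zero, so its current value is the delta for the interval. Otherwise a
    smaller new value means the 32-bit counter wrapped.
    """
    if not same_sa:
        return new
    if new >= old:
        return new - old
    return new + COUNTER32_MAX - old


def throughput_bps(prev_rows, curr_rows, interval_s):
    """Return {peer: (in_bps, out_bps, reestablished)} for each peer in the
    current poll. Peers with no baseline in the previous poll get None rates."""
    prev = by_peer(prev_rows)
    result = {}
    for peer, cur in by_peer(curr_rows).items():
        old = prev.get(peer)
        if old is None:
            result[peer] = (None, None, False)
            continue
        same_sa = old.index == cur.index
        d_in = octet_delta(old.in_octets, cur.in_octets, same_sa)
        d_out = octet_delta(old.out_octets, cur.out_octets, same_sa)
        result[peer] = (d_in * 8 / interval_s, d_out * 8 / interval_s, not same_sa)
    return result


# Constructed sample polls, 300 s apart (not real device data).
INTERVAL_S = 300
POLL_1 = [
    TunnelRow(1001, "198.51.100.10", 4_292_000_000, 1_000_000),
    TunnelRow(1002, "203.0.113.20", 500_000, 250_000),
    TunnelRow(1003, "192.0.2.30", 10_000, 10_000),
]
POLL_2 = [
    TunnelRow(1001, "198.51.100.10", 32_704, 4_000_000),   # in-counter wrapped
    TunnelRow(1007, "203.0.113.20", 120_000, 60_000),      # re-established: new index
    TunnelRow(1003, "192.0.2.30", 3_010_000, 10_000),      # steady, outbound idle
    TunnelRow(1008, "192.0.2.40", 5_000, 5_000),           # new peer, no baseline yet
]

if __name__ == "__main__":
    for peer, (in_bps, out_bps, reest) in sorted(throughput_bps(POLL_1, POLL_2, INTERVAL_S).items()):
        flag = " (re-established during interval)" if reest else ""
        if in_bps is None:
            print(f"{peer:16} no baseline yet{flag}")
        else:
            print(f"{peer:16} in {in_bps:10.0f} bps  out {out_bps:10.0f} bps{flag}")
```

A real collector would fill `POLL_1`/`POLL_2` from an SNMP walk of the tunnel table and store each peer's series in a database, as the post above describes; the index-change and wrap handling are what keep those series continuous.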
