03-10-2005 01:50 AM
Hello,
Can someone tell me a free soft to monitor VPN users in a PIX or a method to monitor them by SNMP.
Thanks
03-10-2005 11:01 AM
It depends on how granular you want to monitor. Finding the SNMP OID's for what you want out of the PIX can be hard, personally I usually use alternate methods............I may use MRTG (snmp based) to monitor the bandwidth and uptime on the PIX, but thats about it.
You can use NTOP and put it on a monitor/sniffer port behind your firewall.
Internet <--> PIX --> Hub --> Switch --> Users
NTOP http://www.ntop.org/ntop.html is a linux based application that monitors traffic flows at the host level, and is also very good for baselining your network.
I have had much success with Red Hat 7,8,9 and NTOP.
If you only want to monitor VPN Users and you have a specific pool allocated for them, you can use Berkely Packet Filters to drill it down
i.e.,
VPN Pool = 10.1.5.0/27
/usr/local/bin/ntop -i eth1 -u ntop -P /home/ntop -d -B "net 10.1.5.0/27)" -w 8000
where -w = Port you want NTOP's web server to listen on
-P = path to ntop database
-i = interface you want NTOP to listen on
-B = regular expression BPF filter
-u = user that the NTOP process runs under
If you are not comfortable installing and working with Linux, there is a image of a linux distro called OSSIM http://www.ossim.net/ . All you'll need to do is burn the image to a CD and once you install it, the bulk of the configuration is done.
03-13-2005 11:41 PM
Hello,
Thanks for your reply.
I have used a sniffer to scan the VPN user IP range.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide