Solved

VPN traffic in Cisco PIX logs

Posted on 2006-07-03
7
429 Views
Last Modified: 2013-11-16
Dear Experts,

I am using CiscoPIX firewall. I can see the traffic logs as below.

<166>May 20 2006 01:00:00 kumar: %PIX-6-302013: Built outbound TCP connection 31174132 for outside:xxxxx/80 (xxxxxxxxx/80) to inside:xxxxxxx/52648 (xxxxxxxx/54508)
<166>May 20 2006 01:00:00 kumar: %PIX-6-302014: Teardown TCP connection 31174132 for outside:xxxxxxxxxx/80 to inside:xxxxxxx/52648 duration 0:00:01 bytes 1048576 TCP FINs

Is there a way to find the amount of traffic that is going through VPN per user? What is the signature in the log that I can look for?

regards
Kumar
0
Comment
Question by:mskumar_apk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 43 total points
ID: 17031216
As I said, the total amount of traffic gone through the outside interface can be seen with 'show int outside' but I am not really sure if you can do it for individual users on vpn.

Anyways, letz watch...

Cheers,
Rajesh
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17038798
No, I do not know of a way either for individual VPN users just using the PIX. I can do this using the VPN concentrators but that functionality is built in.
0
 
LVL 11

Assisted Solution

by:billwharton
billwharton earned 41 total points
ID: 17039433
Try using the ASDM or graphical interface to the PIX and it may show something

You can also try issuing the 'show isakmp sa' command and you'll see multiple security associations created and that may also show you the total amount of bytes/data transmitted, received
0
 

Author Comment

by:mskumar_apk
ID: 17040397
Hi,

If I execute 'show isakmp sa', I get only dst,src,state,pending,created and  no info on traffic.

So the conclusion is we could not get vpn traffic through cisco pix logs right?

thanks,

with regards,
Kumar
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 41 total points
ID: 17040422
I believe that to be correct in regard to individual users.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question