Solved

VPN traffic in Cisco PIX logs

Posted on 2006-07-03
7
427 Views
Last Modified: 2013-11-16
Dear Experts,

I am using CiscoPIX firewall. I can see the traffic logs as below.

<166>May 20 2006 01:00:00 kumar: %PIX-6-302013: Built outbound TCP connection 31174132 for outside:xxxxx/80 (xxxxxxxxx/80) to inside:xxxxxxx/52648 (xxxxxxxx/54508)
<166>May 20 2006 01:00:00 kumar: %PIX-6-302014: Teardown TCP connection 31174132 for outside:xxxxxxxxxx/80 to inside:xxxxxxx/52648 duration 0:00:01 bytes 1048576 TCP FINs

Is there a way to find the amount of traffic that is going through VPN per user? What is the signature in the log that I can look for?

regards
Kumar
0
Comment
Question by:mskumar_apk
7 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 43 total points
ID: 17031216
As I said, the total amount of traffic gone through the outside interface can be seen with 'show int outside' but I am not really sure if you can do it for individual users on vpn.

Anyways, letz watch...

Cheers,
Rajesh
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17038798
No, I do not know of a way either for individual VPN users just using the PIX. I can do this using the VPN concentrators but that functionality is built in.
0
 
LVL 11

Assisted Solution

by:billwharton
billwharton earned 41 total points
ID: 17039433
Try using the ASDM or graphical interface to the PIX and it may show something

You can also try issuing the 'show isakmp sa' command and you'll see multiple security associations created and that may also show you the total amount of bytes/data transmitted, received
0
 

Author Comment

by:mskumar_apk
ID: 17040397
Hi,

If I execute 'show isakmp sa', I get only dst,src,state,pending,created and  no info on traffic.

So the conclusion is we could not get vpn traffic through cisco pix logs right?

thanks,

with regards,
Kumar
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 41 total points
ID: 17040422
I believe that to be correct in regard to individual users.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question