VPN bandwidth monitoring Cisco ASA

Quick question for you all here and let me preface this by saying, I know everything about this ASA is old and we are in the process of ordering some new gear to replace it, but I'm stuck with it for another month or two.

We have an ASA5510 running software version 7.0(7), and device manager version 5.0(7).

We have some IPsec site-to-site VPNs to a few different clients out there and we are needing to see, if possible, how much traffic is being sent/received across one of those VPNs. What's the best way to do that with an ASA?

I've set up PRTG, but it's only picking up the interfaces on the device and not the VPN tunnels. Is it even possible to do that with this older version of a firewall? Is it possible to view current in/out via a CLI command?
themightydude Asked:
Jonathan Brite, System Admin, Commented:
Use the trial bandwidth monitor from SolarWinds or ManageEngine (NetFlow, I think). You should be able to try them both out for a month and see if either one works for you.
0
vpnttg Commented:
Hi,

Check out VPNTTG (VPN Tunnel Traffic Grapher), software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN tunnel over time in graphical form.

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and stores historical monitoring data for each VPN tunnel in the database.

For more information about VPNTTG please visit www.vpnttg.com
0
themightydude (Author) Commented:
I downloaded PRTG the other day and it grabbed all the interfaces except when I use the SNMP feature of PRTG to grab traffic data for the VPN tunnels it says there are no sensors like that on the ASA.

I can give the VPNTTG software a shot and see if it works though.

Is there a CLI command I can use though to just get a snapshot at that time of the amount of bandwidth being used on that tunnel? Like a sh int?
0
vpnttg Commented:
VPNTTG is based on the SNMP protocol, so you can get the average bandwidth for the 5-minute time interval.
With the CLI command you can see the VPN tunnel’s inbound and outbound octets SNMP counter values.
You can see the VPN tunnel’s bandwidth on graphs, as shown in the following screenshot: http://www.vpnttg.com/screen-shots/l2l-vpn-tunnel
0
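The counter arithmetic behind the two points in the answers above (average bandwidth over a polling interval from octet counters, and keying history by peer IP because a tunnel gets a new index when it reconnects), as an added example that is not part of the original thread and not VPNTTG's code. The row layout (tunnel index, peer IP, in octets, out octets), the 32-bit counter width, and every sample value are assumptions constructed for illustration.

```python
# Added example: per-peer VPN bandwidth from two SNMP polls of tunnel octet counters.
# Row layout and all sample values are constructed assumptions, not ASA output.

COUNTER32_MOD = 2 ** 32  # an SNMP Counter32 wraps back to 0 after 2^32 - 1


def peer_rates(old_rows, new_rows, interval_s):
    """Return {peer_ip: (in_bps, out_bps)} averaged over interval_s seconds.

    Rows are (tunnel_index, peer_ip, in_octets, out_octets). History is keyed
    by peer IP, so a tunnel that reconnected under a new index still maps to
    the same peer instead of looking like a brand-new sensor.
    """
    old = {(peer, idx): (i, o) for idx, peer, i, o in old_rows}
    totals = {}
    for idx, peer, in_oct, out_oct in new_rows:
        prev = old.get((peer, idx))
        if prev is None:
            # New index: the tunnel was re-established and its counters
            # restarted from zero. Traffic on the old tunnel after the last
            # poll is unknown, so this delta is a lower bound.
            d_in, d_out = in_oct, out_oct
        else:
            # Same tunnel: modular subtraction absorbs a single counter wrap.
            d_in = (in_oct - prev[0]) % COUNTER32_MOD
            d_out = (out_oct - prev[1]) % COUNTER32_MOD
        acc = totals.setdefault(peer, [0, 0])
        acc[0] += d_in
        acc[1] += d_out
    return {p: (t[0] * 8 / interval_s, t[1] * 8 / interval_s)
            for p, t in totals.items()}


# Constructed polls taken 300 s (5 minutes) apart.
POLL_1 = [
    (4096, "203.0.113.10", 1_000_000, 2_000_000),      # steady tunnel
    (8192, "198.51.100.7", 4_294_900_000, 500_000),    # in-counter near wrap
    (12288, "192.0.2.44", 9_000_000, 9_000_000),       # about to reconnect
]
POLL_2 = [
    (4096, "203.0.113.10", 4_750_000, 2_375_000),
    (8192, "198.51.100.7", 82_704, 875_000),           # in-counter wrapped
    (16384, "192.0.2.44", 750_000, 150_000),           # same peer, new index
]

if __name__ == "__main__":
    for peer, (rx, tx) in sorted(peer_rates(POLL_1, POLL_2, 300).items()):
        print(f"{peer:15s} in {rx:>10.0f} bit/s  out {tx:>10.0f} bit/s")
```

A poller that tracks only the tunnel index would report index 12288 as gone and 16384 as a new tunnel with no history, which is the data loss the answer describes.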
themightydude (Author) Commented:
I was able to download and use VPNTTG to accomplish what I wanted.
0