VPN bandwidth monitoring Cisco ASA

Quick question for you all here and let me preface this by saying, I know everything about this ASA is old and we are in the process of ordering some new gear to replace it, but I'm stuck with it for another month or two.

We have an ASA5510 running software version 7.0(7), and device manager version 5.0(7).

We have some ipsec site to site VPN's to a few different clients out there and we are needing to see if possible how much traffic is being sent/received across one of those VPN's. What's the best way to do that with a ASA?

I've setup PRTG, but it's only picking up the interfaces on the device and not the VPN tunnels. Is it even possible to do that with this older version of a firewall? Is it possible to view current in/out via a CLI command?
LVL 4
themightydudeAsked:
Who is Participating?
 
vpnttgCommented:
VPNTTG is based on a SNMP protocol, so you can get average bandwidth for the 5 minute time interval.
With the CLI command you can see VPN tunnel’s inbound and outbound octets SNMP counter values.
VPN tunnel’s bandwidth you can see on graphs as it is shown on following screenshot: http://www.vpnttg.com/screen-shots/l2l-vpn-tunnel
0
 
Jonathan BriteSystem AdminCommented:
use the trial bandwidth monitor from Solarwinds or ManageEngine(Netflow I think).  You should be able to try them both out for a month and see if either one works for you.
0
 
vpnttgCommented:
Hi,

Check   out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP   monitoring and measuring the traffic load for IPsec  (Site-to-Site,   Remote Access) and SSL (With Client, Clientless) VPN  tunnels on a  Cisco  ASA. It allows the user to see traffic load on a VPN  tunnel over  time  in graphical form.

Advantage of VPNTTG over other SNMP based monitoring software's is    following: Other (commonly used) software's are working with static  OID   numbers, i.e. whenever tunnel disconnects and reconnects, it  gets   assigned a new OID number. This means that the historical data,   gathered  on the connection, is lost each time. However, VPNTTG works   with VPN  peer's IP address and it stores for each VPN tunnel   historical  monitoring data into the Database.

For more information about VPNTTG please visit www.vpnttg.com
0
 
themightydudeAuthor Commented:
I downloaded PRTG the other day and it grabbed all the interfaces except when I use the SNMP feature of PRTG to grab traffic data for the VPN tunnels it says there are no sensors like that on the ASA.

I can give the VPNttg software a shot and see if it works though.

Is there a CLI command I can use though to just get a snapshot at that time of the amount of bandwidth being used on that tunnel? Like a sh int?
0
 
themightydudeAuthor Commented:
I was able to download and use VPNTTG to accomplish what I wanted.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.