VPN Bandwidth

Similar Messages

• Monitoring Remote SITE TO SITE vpn (Bandwidth - utilized)

  Can somebody say how to know the bandwidth utilized
  by the site to site vpn please
  Tks
  THomas

  Hi Thomas,
  You can use "Interface Graphs" in Pix Device Manager. This is a monitoring tool that will serve the purpose that you mentioned.
  You can get more info at :
  http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pixdm_ds.htm

• ASA5510 VPN Bandwidth Calculations

  Were running an ASA5510 with multiple IPSEC VPN clients over a 100Mb leased line. At the moment we have about 10 active clients however we are looking at gearing up to about 100 clients.
  Question is, is there a known method for calculating the required bandwidth for this number of clients or indeed obtaining metrics from already connected clients to help with this calculation.
  We have tried a few monitoring products, most notably Solarwinds, however none of the products we have tried seems to be able to give us the throughput of the individual VPN connections to assist with our calcs....

  Hi Rob,
  Check  out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP  monitoring and measuring the traffic load for IPsec  (Site-to-Site,  Remote Access) and SSL (With Client, Clientless) VPN  tunnels on a Cisco  ASA. It allows the user to see traffic load on a VPN  tunnel over time  in graphical form.
  Advantage of VPNTTG over other SNMP based monitoring software's is   following: Other (commonly used) software's are working with static OID   numbers, i.e. whenever tunnel disconnects and reconnects, it gets   assigned a new OID number. This means that the historical data,  gathered  on the connection, is lost each time. However, VPNTTG works  with VPN  peer's IP address and it stores for each VPN tunnel  historical  monitoring data into the Database.
  For more information about VPNTTG please visit www.vpnttg.com

• VPN Bandwidth Utilization

  I have site to site Configuration of VPN 3030 Concentrator ( one At HQ) and VPN 3005 Concentrator ( 14 At Branch Office). I want to measure the Bandwidth Utilization of VPN 3030 Concentrator at HQ.
  Is there any command,network management software tool or utility available so I can measure the Bandwidth ?
  Dinesh

  Hi!
  Opensystems Private I syslog software collects, alerts, reports, and archives VPN (and other syslog) log data.
  Private I can detail the activity going through your VPNs, as well as tell you how much of the network users are using.
  -Collects thousands of messages per second from a variety of network devices
  -Real time alert notification via audio, visual, email, SNMP, or pager
  -Powerful ad-hoc query capability
  -Over 100 canned reports and graphs
  -Easy customization and creation of new reports
  -Scheduled report engine for timely output
  -Offloading aged data for easy access
  Check http://www.opensystems.com
  Br Juha

• Boot camp with Cisco VPN client and smart card

  Looking at a Macbook or Macbook Air and the only reason I need to run windows is to be able to access my work network through the Cisco VPN client and my Smartcard then use remote desktop. From my understanding if I run Bootcamp it should work am I correct? Im going to an Apple store tomorrow hopefully they can help too.
  Thanks

  mrbacklash wrote:
  Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
  I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
  Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
  Message was edited by: BobTheFisherman

• User from certificate with Cisco VPN client and ASA (and radius)

  Hello,
  we are trying to migrate a vpn client connection from GROUP to certificate. We want that client uses the user from the certificate and doesn't ask user, only password. Is it possible? Now, with user certificate, you can connect as another user if you know the user and the password of the other user with your own certifcate.
  Thanks!
  Santiago.

  mrbacklash wrote:
  Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
  I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
  Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
  Message was edited by: BobTheFisherman

• Security Report VPN Graph is Blank

  VPN Bandwidth
  - Even though the VPN Bandwidth Bytes by Day contains data, the graphs are blank.
  - SSL VPN graph is working fine.

  We found the root cause it was because table "task" does not have records in APPSERVER Database.
  Once we updated task table. Security report SEC_LIST_MBR is displaying results correctly.
  Regards,
  Rajesh

• Using OS X Server VPN to Access NAS Drive?

  Hi everyone!
  I have been looking into getting an NAS drive for cloud backups and storage, and I was wondering if I bought an NAS drive like the Synology Diskstation, would I theoretically be able to use Mac OS X's VPN function to share the NAS drive to, say, my MacBook when I was not at home? Would that be possible, being able to access the files on the NAS drive whenever I have a Wi-Fi connection regardless of where I am?
  Thanks much!

  In addition to what Linc Davis wrote...
  The performance of your VPN-based share will be the lesser of the VPN bandwidth, of the NAS bandwidth, of the overhead of whatever file storage protocol you're using to access the storage, of your own local network uplink, of the coffee shop network, or whatever happens to be the slowest link within this connection. 
  Certainly prototype this configuration and find out what you can get for performance, but you might not find that the results meet your expectations.  Particularly if you're thinking that you'll get NAS share-like access akin to what you get when directly connected to your local network.  You won't get anything near that, unless you're connected on some big (and expensive) network links.
  While many folks do have remote access into various remote networks via VPN and can access and transfer files via those VPNs, a common alternative used by many folks involves pushing the core shared files up to a cloud-hosting provider, and accessing the individual files from there.  This approach gets several parts of the connection out of the path, and moves your core shared files "closer" to you in the network; out onto hosting servers (usually) with much lower network latencies and with far larger network bandwidth.  Dropbox and SpiderOak are in this market, and there are others.
  If you do head further along the self-hosting path that you're currently on (and if you do have the network bandwidth to support this), then something like OwnCloud might be interesting to you, too.  Here's a write-up on OwnCloud.  There are other private-cloud packages around, as well.

• VPN performance

  We have a site to site tunnel setup recently, to use the internet link for tunnel purpose we have upgraded the bandwidth to 10 mbps. Since the bandwidth usage is not crossing 2 mbps during peak hours itself we have not implemented any kind of Qos in the firewall. Also my understanding is that the VPN bandwidth will be exactly the bandwidth that is available in the internet link therefore in my case i should get 8 mbps speed for my VPN.
  The FTP download speed over the VPN is not crossing 20 kbps same time i am able to get a speed of around 170 kbps over internet to the same remote FTP server.
  I am doubting that the internet link provided is not a 1:1 corporate internet connectiviy and for the VPN to perform to the optimum bandwidth the link should be 1:1.
  Please help.

  Using what protocol? What kind of a connection?
  I did some testing today and I got about 420KB/s download speed from the expected 4Mbit G-SHDSL we also have. Upload speed (to server) was 245 KB/s.
  So no real loss because of the VPN. Pretty much used all the available bandwidth from the server.
  To the server is retstricted because I'm at home using an ADSL connection about 2.5Mbit (AnnexM) to Internet (and 17.5Mbit from). I'm behind a D-Link G604T modem/router
  This was using FTP and through a gigabit interface firewall to our DMZ and a G4 dual 1GHz 10.4.11 MirrorDoor running PureFTP.
  The VPN server is a MacPro 4 core 2GHz running 10.5.3 (not doing very much else at the moment) and the client a 2,4 GHz MacBook pro also on 10.5.3.
  Looks like AFP did about the same. No special tuning involved.

• Service Policy won't attach to interface - NO error

  Hi,
  Am doing some simple CE VoIP QoS for a IPSEC/GRE Customer. I try to ATTACH the policy to the tunnel outbound and the command is accepted without any error but nothing appears in the config.
  Here's the base config:
  class-map match-all IPSEC-VPN
  match access-group name IKE_ACL
  class-map match-all ROUTING
  match ip dscp cs6
  class-map match-all NETWORK-MANAGEMENT
  match ip dscp cs2
  class-map match-any VOICE-SIGNAL
  match protocol rtp
  match ip precedence 3
  match ip dscp cs3
  match ip dscp af31
  match ip dscp af32
  class-map match-any VOICE-BEARER
  match ip precedence 5
  match ip dscp ef
  match ip dscp cs5
  policy-map SHAPE-ADSL-UPLINK
  class class-default
  bandwidth remaining percent 50
  random-detect
  random-detect ecn
  policy-map VoIP-QoS
  class VOICE-BEARER
  priority percent 34
  class VOICE-SIGNAL
  bandwidth percent 5
  class ROUTING
  bandwidth percent 2
  class NETWORK-MANAGEMENT
  bandwidth percent 2
  class IPSEC-VPN
  bandwidth percent 2
  class class-default
  (config)# int t203
  (config-if)#service-policy output SHAPE-ADSL-UPLINK
  NOTHING appears in the config and sh policy-map int t100 shows an unapplied policy.
  Using:
  c836-k9o3s8y6-mz.123-8.T5
  Another bug?
  Thx

  Policy should read (nested):
  policy-map SHAPE-ADSL-UPLINK
  class class-default
  bandwidth remaining percent 50
  random-detect
  random-detect ecn
  service-policy VoIP-QoS

• DMVPN GRE over IPSEC Packet loss

  I have a hub and spoke DMVPN GRE over IPSec topology. We have many sites, over 10, and have a problem on one particular site, just one. First off I want to say that I have replaced the Router and I get the same exact errors. By monitoring the Terminal, I regularly get these messages
  %VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=10.X.X.X,dstadr=10.X.X.X,size=616,handle=0x581A
  %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=1
  The tunnel is up, passes data, and always stays up. This router is a Spoke router. The routing protocol being used is EIGRP. When I do a
  Show Crypto isakmp sa, it shows the state as being "QM_IDLE" which means it is up.
  When I use the "Show Crypto Engine accelerator stat" this is what I get (Attached File)
  You can see that there are ppq rx errors, authentication errors, invalid packets, and packets dropped. I know this is not due to mis-configuration because the config is the same exact as other sites that I have which never have any problems. Here is the tunnel interface and the tunnel source interface on the Spoke Router
  interface Tunnel111
  description **DPN VPN**
  bandwidth 1000
  ip address 172.31.111.107 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1300
  ip pim sparse-dense-mode
  ip nhrp authentication XXXX
  ip nhrp map multicast dynamic
  ip nhrp map multicast X.X.X.X
  ip nhrp map X.X.X.X X.X.X.X
  ip nhrp network-id 100002
  ip nhrp holdtime 360
  ip nhrp nhs 172.31.111.254
  ip route-cache flow
  ip tcp adjust-mss 1260
  ip summary-address eigrp 100 10.X.X.X 255.255.0.0 5
  qos pre-classify
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key XXXX
  tunnel protection ipsec profile X.X.X.X
  interface GigabitEthernet0/0
  description **TO DPNVPN**
  ip address 10.X.X.X 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nbar protocol-discovery
  ip pim sparse-dense-mode
  ip virtual-reassembly
  duplex full
  speed 100
  no snmp trap link-status
  no mop enabled
  Is there anything that you can think of that may becausing this, do you think this can be a layer one or two issue? Thanks
  Brenden

  Have you try to turn off the hardware encryption (no crypto engine accelerator) just to see if it's better. But be careful, cause your CPU% will run much higher, but you only have 10 spokes sites, so it wont be at 100%.
  It's better to start troubleshooting by layer 1 then layer 2 when it's possible. Have you ask the site's ISP for packet lost on their side ?

• DMVPN: requires clear crypto sa

  My DMVPN worked fine yesterday. However the DMVPN didn't come in. I left it for 20 with no joy.
  Once I did a clear crypto sa on the spoke the tunnel came up.
  This seems like I'm missing something in my config.
  Can someone advise?

  Sorry my Spokes tunnel config is:
  interface Tunnel0
  description HO-VPN
  bandwidth 100
  ip address 10.x.250.6 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication password
  ip nhrp map multicast dynamic
  ip nhrp map multicast publicIP
  ip nhrp map 10.x.250.1 publicIP
  ip nhrp network-id aNumber
  ip nhrp holdtime 360
  ip nhrp nhs 10.x.250.1
  zone-member security Zone-TunnelToHO
  ip ospf network broadcast
  tunnel source FastEthernet4
  tunnel mode gre multipoint
  tunnel key aNumber
  tunnel protection ipsec profile protect-gre

• Bandwidth utilised for dialog users and VPN encryption for ERP 6.0 ABAP

  Hi all,
  I have 30 users coming from remote locations to SAP system using centrally connected VPN server which is running with 2 mbps leased line bandwidth.
  what is the bandwidth taken for every dialog user on a average 3 sessions always connected.(ERP 6.0 ABAP)
  what encryption is suggested during vpn setup ,are there any limitations.
  I am trying to explore  above mentione and request to please advice based on standard industry best  practice experience.
  thanks,
  Rahul.

  Hi Rahul,
  what is the bandwidth taken for every dialog user on a average 3 sessions always connected.(ERP 6.0 ABAP)
  The amount of bandwith used is minimal..   this is well documented, read SAP Note 62418
  what encryption is suggested during vpn setup ,are there any limitations.
  This is completely up to your company security policies
  Regards
  Juan

• Applying bandwidth restriction to a VPN

  Hello Experts,
  I have a L2L vpn configured between two sites on which we route various Intranet traffic like FTP, file copying, etc. I want to limit bandwidth between hosts. Example: 1mbps I want to allocate between Host A lying at site 1 and Host B lying at site 2. Not sure if it is possible, please suggest.
  Thanks
  Arabinda

  Here is the config example for VOIP through the VPN tunnel.
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
  you can use the same logic for your scenario.
  thanks
  -SYed

• Can QoS be implemented when VPN tunnel bandwidth is unknown?

  Is it possible to have some sort of QoS on both sides of a VPN tunnel when the speed at the endpoint is unknown. In other words is it possible to have QoS bandwidth parameters to be automatically detected/adapted to the actual bandwidth?

  Hey Martin,
  Thanks for your reply. I Think IntServ won't be a solution straight away, I'll try to explain what I would like to do.
  What my issue is that I have a few locations who are kind of mobile, and each location connects to the internet via various links, depending on which is available. This link can be a normal ISP which blocks all traffic except port 80 and 443. The connection could be a simple ISDN dialin or a dedicated T1 link.
  Because there is a Cisco VoIP router on the mobile location and some users' data should have precedence over others' I would like to implement QoS.
  My idea was when I were able to set up a site-to-site SSL VPN tunnel to a router in a datacenter (using Array Network stuff if the Cisco can't do site-to-site SSL) I would have more control over the internetlink. I Would not be limited to using only port 80 and 443: all traffic would just go encrypted and look like normal HTTPS traffic.
  It's likely that this VPN link would always consume the maximum available bandwidth. When it is be possible for some QoS mechanism to "detect" the speed of the VPN I could let's say dedicate bandwidth for 4 VoIP calls and the remaining bandwidth can be made available for normal traffic. Note that this normal traffic should have some priority levels too.
  Assigning dedicated bandwidth to VoIP isn't a big problem I think, however how can I make x percentage of the remaining bandwidth available to user x and y percentage available to user y?
  I Hope I wrote it understandable ;).
  Regards