Hi, just want to say first off that cacti is an amazing piece of software, and has helped make work a LOT easier! But on to the point..

There are several Cisco ASA Firewalls in our network, and I was asked to graph the traffic on each on a per vlan basis. I looked extensively for a template or previous work on this, but couldn't find anything that did what I wanted. Although I am new to cacti, I decided to jump in and try to write what I wanted myself, and this is the result.

It's a Data Query, Data Template and Graph Template for graphing traffic per Cisco IKE Tunnel. There may be a few bugs, but it does *seem* to be doing what it's supposed to, so I thought I'd put it up here for anyone like myself that needs something to build on.

The graph names come from the end point of the tunnel, as I found the OID for cikeTunRemoteName to more often than not be NULL.

As I've said, I'm a newcomer to cacti and this is my first post on the forum, and first attempt at writing a data template, so any constructive criticism or advice on something I have wrong is welcome!

Thanks mk429,

I put something together along the same lines, but I am seeing some inexplicably small amounts of data in each tunnel according to cikeTunInOctets and cikeTunOutOctets (as well as cikeTunInPkts and cikeTunOutPkts). Originally I had thought this to be a Cacti data template problem, but noticed that the counter values weren't changing nearly frequently enough.

Here are some screenshots from two of our ASAs (versions 8.0(2) and 7.2(1)) that show the problem. From the period of 12:00 the the end of the graph there is ~2Mbs of traffic traversing the tunnel.

Anyone else seen this before?

Looks like the majority of the traffic is IPSec: http://forums.cacti.net/viewtopic.php?t=12873