Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

site-to-site VPN: identify traffic

Miyo360
Getting noticed
Wednesday
Wednesday

site-to-site VPN: identify traffic

Hello. 

 

I have a site-to-site VPN setup between two MX's very far apart. Only the necessary VLAN's on both sides are configured to be a part of this S2S. I expect very little traffic; some occasional AD replication perhaps, but not much else. 

 

Yet my usage shows a steady throughput thoughout the day, even overnight. Is there a way to identify what traffic, or type of traffic is being sent/received, and by what clients?

 

Miyo360_0-1723022843316.png

 

Thanks

Michael.

0 Kudos
Subscribe
8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

Do a packet capture and see what it is.

Subscribe
cmr
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

Some of it will be the VPN handshaking traffic and if you have a Windows network there is often quite a bit of 'chat' between domain members.  If you go to the VPN status page you can see what traffic is using what link at each end and why, even if you only have one link.  This should help you identify at least some of it.

Subscribe
GreenMan
Meraki Employee
Meraki Employee
Wednesday
Wednesday

YOu could also set up Netflow to an appropriate collector for flow data:   https://documentation.meraki.com/MX/Monitoring_and_Reporting/NetFlow_Overview

 

I'd go with running some packet captures as a starter...

Subscribe
Miyo360
Getting noticed
Wednesday
Wednesday

Thanks all for the suggestions. They are all useful suggestions. For now, I have setup NetFlow to our PRTG platform and will leave that running overnight to collect more data. 

Subscribe
Eric-Fretz
Here to help
Thursday
Thursday

Does your MX licensing level give you access to "Traffic Analytics" ?  If so, click on "Network-wide" -> "Monitor" -> Traffic Analytics and see what has been on your network for the past few hours.  You should be able to sort by the traffic type with most traffic since the network throughput seems to be pretty consistent and will be much higher volume than the normal background noise on the network.

0 Kudos
Subscribe
In response to Eric-Fretz
Miyo360
Getting noticed
Thursday
Thursday

Thanks for the tip. Unfortunately I don't see the 'Traffic Analytics' menu under my network. Is it a requirement to have Meraki switches for this to show up? If so, this might explain it - we only have the MX's.

0 Kudos
Subscribe
GreenMan
Meraki Employee
Meraki Employee
Thursday
Thursday

Yes - switches are needed for Traffic Analytics:   https://documentation.meraki.com/MS/Monitoring_and_Reporting/Switch_Traffic_Analytics

0 Kudos
Subscribe
In response to GreenMan
PhilipDAth
Kind of a big deal
Kind of a big deal
Thursday
Thursday

Negative.  You can also have traffic analytics with just an MX in the network.

 

Under network wide/general, set "Traffic Analysis" to "Detailed".

PhilipDAth_0-1723147492747.png

 

BUT, I don't think tihs will help with what i consuming traffic over a site to site VPN.  Do a packet capture since the traffic is there all the time.  Load into Wire Shark.  Ask for a top conversations reports.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.