I'm trying to use the Custom MIB Poller to monitor the status of a VPN tunnel on a Cisco ASA. Has anyone figured out how to do this?
I've found the following OID in the CISCO-REMOTE-ACCESS-MONITOR-MIB, but the Custom MIB configuration wizard only lets me enter the first portion into the system. It appears that the OID is made up of the OID plus a three-digit number which is unique to each tunnel. Thus, I cannot enter the ??? portion of the OID so as to look at that particular tunnel.
1.3.6.1.4.1.9.9.171.1.2.3.1.7.???
Any ideas?
What interface is your tunnel?
sh ip int bri
It terminates on the "Outside" interface.
Wouldn't it be easier to just monitor the device on the other end of the tunnel?
Because there is the possibility of multiple VPN tunnels, the three digits would indicate which one. This requires the GET TABLE functionality, which is not supported in 8.1 and, from some other threads, won't be in 8.5 either, maybe 9.0? I really would like GET TABLE to monitor my servers (disks, logical partitions, arrays, temperature sensors, etc.).
I monitor my VPNs (only one per ASA) by monitoring (at the far end) the inside interface on the ASA and the outside interface on the edge router, so if the ASA goes down but the edge router stays up, I know it's the VPN, and if the edge router goes down then everything is down.
JB
Hello,
I am also having a problem with monitoring of VPN tunnels on our Cisco VPN concentrator. We have around 24 LAN-to-LAN IPsec VPN tunnels and I want to monitor the bytes received and transmitted for each tunnel. Please tell me which OID will do this. I have a Cisco VPN Concentrator 3020 series.
Thanks,
Ali
We are using a Cisco ASA running version 8.0.x code and would like to gather stats on each of the ~100 tunnels we have active. These tunnels terminate with vendors and other organizations, so we would be unable to monitor the remote side other than up/down status. It would be nice to be able to have Orion provide detailed reporting on each connection entry. Anybody from SolarWinds have anything, yes or no, or coming soon?
Get Table functionality is coming in the next major Orion release.
Denny, thanks for the quick response and you have made my day. I'm happy it's in the works.
jk
This is what I've been doing with my ASA VPN tunnels... For each tunnel I set up, I determine an IP address on the remote side that the IT staff will allow me to ICMP poll, at a minimum. Ideally, I get them to allow me public/RO access to some key resource on their end that should "always be up". I then monitor that IP address and, as a Node, give it Custom Properties that describe it as a site-to-site VPN, etc.
You could monitor the number of active tunnels with this MIB:
cikeGlobalActiveTunnels
I am running an ASA 5520 with 8.0.3 code and when I retrieve that OID (1.3.6.1.4.1.9.9.171.1.3.2.1.5) the IP Address comes back as nonsense. Any ideas?
aly.elnokali: Hi, I faced the same problem. I have multiple VPNs on the router and I need to monitor their status. I used 2 MIBs, this one, 1.3.6.1.4.1.9.9.171.1.3.2.1.5, to get the peer address of the VPN, and another one to show its status, but unfortunately it randomly chooses one VPN session to monitor. I need to monitor all the active sessions. Does anyone have any idea?
Dears,
I have found this MIB, 1.3.6.1.4.1.9.9.171.1.5.2.1.1.7, which specifies the remote address, but I can't see all the peers as I have multiple VPNs on the same router. Any idea?
So we are running Orion 9.0 sp2 and I am able to get the current active IKE tunnels from our ASA using the following: 1.3.6.1.4.1.9.9.171.1.2.1.1
The problem I am having is that in node view it is trying to average the results. It's throwing the data into a chart. I would really like the ability to have the node view give me the current number as an integer. Then give me a peak number or some sort of custom on-the-fly average if I so desire.
Anybody play around with this?
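The per-tunnel index that several posts in this thread run into, shown as an added example that is not from any poster, SolarWinds or Cisco: it groups a walked table column by its trailing index and reports expected peers with no row. The walk text is constructed in net-snmp `snmpwalk -On` style, the function names are hypothetical, and it assumes the column returns the peer either as four raw octets or as text.

```python
import re

# Column OID quoted in the thread; the agent appends one index per tunnel.
COLUMN = "1.3.6.1.4.1.9.9.171.1.2.3.1.7"

# Constructed sample walk output (indexes and addresses are made up).
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.118 = Hex-STRING: C0 00 02 0A
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.231 = Hex-STRING: C6 33 64 07
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.412 = STRING: "203.0.113.9"
.1.3.6.1.4.1.9.9.171.1.2.1.1.0 = Gauge32: 3
"""

LINE = re.compile(r"^\.?([\d.]+) = ([\w-]+): (.*)$")


def decode_value(kind, raw):
    """Render a 4-octet Hex-STRING as a dotted quad; pass other values through."""
    if kind == "Hex-STRING":
        octets = bytes.fromhex(raw.replace(" ", ""))
        if len(octets) == 4:
            return ".".join(str(b) for b in octets)
        return octets.hex()
    return raw.strip().strip('"')


def rows_for_column(walk_text, column):
    """Return {tunnel_index: decoded value} for one table column."""
    prefix = column + "."
    rows = {}
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        oid, kind, raw = m.groups()
        if oid.startswith(prefix):  # ignores scalars such as ...171.1.2.1.1.0
            rows[oid[len(prefix):]] = decode_value(kind, raw)
    return rows


def missing_peers(rows, expected_peers):
    """Expected peer addresses that have no row in the walked table."""
    return sorted(set(expected_peers) - set(rows.values()))


if __name__ == "__main__":
    table = rows_for_column(SAMPLE_WALK, COLUMN)
    print(table)
    print(missing_peers(table, {"192.0.2.10", "192.0.2.99"}))
```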