VPN Monitoring

Aug 16th, 2007

Is there a way that I can monitor if a vpn tunnel is up or down? I know you can do sh cry isakmp sa or via the asdm but that does not alert me if a tunnel is up or down, or give me any historical data about the tunnel.

I tried via solarwinds but it only lets me monitor the interfaces and not the tunnels.

Does anyone know a good solution or maybe a custom app?

Thanks in advance

-E

Difan Zhao Thu, 08/16/2007 - 10:09

That's what I want to know too! I know there are two snmp commands

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

I didn't test them yet. You may want to try it.

By the way, what kind of VPN are you using? I am updating my VPN from IPsec+GRE to DMVPN. Will these commands work on both kinds of VPN?

elovelace256 Thu, 08/16/2007 - 12:50

I am running a pair of ASAs with ipsec+GRE tunnels.

I tried both snmp commands and I could only implement ipsec and not isakmp.

However I did find that cisco works has some monitoring tools included but I don't know the cost.

I would have thought there is an easy way.

I used to work for Siemens business services. Great company to work for.

Anonymous (not verified) Fri, 08/17/2007 - 09:37

E,

There are other tools on the market which can do what you are asking for,

~R

beecher Fri, 08/31/2007 - 10:09

Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs. Links:

Security Manager:

http://www.cisco.com/go/csmanager

Performance Monitor User Guide:

http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html

Performance Monitor originates from the previous security management product called CiscoWorks VMS and is currently not undergoing much further enhancement. We would like to introduce an updated security-related health and performance monitoring capability on-par with Security Manager, but no definite word yet.

Security Manager and Performance Monitor can be downloaded and used for up to 90 days for evaluation.

beecher Fri, 08/31/2007 - 10:34

Yes, there is an event browser in the application GUI itself and also the ability to configure email, syslog, or SNMP trap notifications for changes in tunnel status.

khinze Thu, 09/13/2007 - 06:54

Anyone tried NMIS or Cacti? Cacti looks like it will provide this. I am trying to get this working and can post if interested. We own CSM but have yet to figure out how to set it up to monitor devices.

merabtavart Fri, 07/22/2011 - 01:05

Check

http://www.vpnttg.com/

The advantage of VPNTTG over other SNMP-based monitoring software is the following: Other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.

HTH
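The index-versus-peer-address point from the last post, as an added example that is not part of the thread and is not VPNTTG's code: it joins each poll's rows on the tunnel index, re-keys them by peer IP, and reports up/down transitions while keeping one history per peer. The poll text is constructed sample data in a simplified snmpwalk-like form, and the object names `cikeTunRemoteValue` and `cikeTunInOctets` are assumed to be those of the IKE tunnel table in CISCO-IPSEC-FLOW-MONITOR-MIB; `by_peer` and `track` are hypothetical helper names.

```python
import re

# Constructed sample polls. The number after the dot is the per-session
# tunnel index, which changes when a tunnel reconnects (12 -> 27 below).
POLL_1 = '''cikeTunRemoteValue.12 = STRING: "192.0.2.10"
cikeTunInOctets.12 = Counter32: 5000
cikeTunRemoteValue.13 = STRING: "198.51.100.7"
cikeTunInOctets.13 = Counter32: 800'''
POLL_2 = '''cikeTunRemoteValue.13 = STRING: "198.51.100.7"
cikeTunInOctets.13 = Counter32: 950'''
POLL_3 = '''cikeTunRemoteValue.27 = STRING: "192.0.2.10"
cikeTunInOctets.27 = Counter32: 120
cikeTunRemoteValue.13 = STRING: "198.51.100.7"
cikeTunInOctets.13 = Counter32: 1100'''

LINE = re.compile(r'^(\w+)\.(\d+) = \w+: "?([^"]*)"?$')

def by_peer(walk_text):
    """Map peer IP -> in-octets for one poll, joining columns on the index."""
    cols = {}
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            cols.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    peers = cols.get("cikeTunRemoteValue", {})
    octets = cols.get("cikeTunInOctets", {})
    return {ip: int(octets.get(idx, 0)) for idx, ip in peers.items()}

def track(polls, expected_peers):
    """Return (history, events): per-peer series and up/down transitions."""
    history = {p: [] for p in expected_peers}
    state = {p: None for p in expected_peers}
    events = []
    for n, text in enumerate(polls, 1):
        seen = by_peer(text)
        for peer in expected_peers:
            up = peer in seen
            history[peer].append(seen.get(peer))  # None = tunnel absent in this poll
            if state[peer] is not None and state[peer] != up:
                events.append((n, peer, "up" if up else "down"))
            state[peer] = up
    return history, events

if __name__ == "__main__":
    history, events = track([POLL_1, POLL_2, POLL_3], ["192.0.2.10", "198.51.100.7"])
    print(history)
    print(events)
```

A counter that restarts after a reconnect (5000, then 120) has to be treated as a reset rather than a negative rate when the series is graphed.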
