Looking for a tracking solution for site to site VPN

Answered Question

I need to track site to site VPN peer connectivity on a couple ASA5520s. What I would like is to be able to look at a list of all configured peers and see when each peer last successfully connected. I am open to suggestions.

Karsten Iwen Wed, 12/18/2013 - 09:21

You could use "ip sla" for that. Instead of tracking a route, you just monitor the reachability:


http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/route_static.html#wp1119813



--

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Jon Are Endrerud Wed, 12/18/2013 - 10:39

You can use SNMP to monitor IPsec values. PRTG from Paessler monitors 70 sites for bandwidth, uptime, downtime and active users at my company.


Thanks, but not really what I need. I am not looking to verify a tunnel is up but more to track when they last connected. I am thinking of doing something like tracking "Phase2 complete" (713120) syslog messages and finding a way to timestamp a list of peers when those messages are seen, to create a running log of when each peer last connected. What I want to do is determine which tunnels have not been used for extended periods of time.

Correct Answer
Collin Clark Wed, 12/18/2013 - 13:21

I would filter the ASA to send 713120 logs to a syslog server and write a script to show the information I need and dump it to a web page that gets updated, say hourly.
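
One way to write the script suggested in this thread, as an added example (not code from any poster or from Cisco): it keeps the newest 713120 timestamp per peer IP and flags configured peers not seen within a threshold. The line layout (ASA `logging timestamp` prefix followed by `IP = <peer>, PHASE 2 COMPLETED`), the peer list, the 30-day threshold and the sample log are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed layout: "Mon DD YYYY HH:MM:SS <host> : %ASA-5-713120: ... IP = <peer>, PHASE 2 COMPLETED"
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}).*?%ASA-\d-713120: "
    r".*?IP = (?P<peer>\d{1,3}(?:\.\d{1,3}){3}), PHASE 2 COMPLETED"
)

# Constructed sample data (documentation address ranges), not real logs or peers.
CONFIGURED_PEERS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
SAMPLE_LOG = """\
Oct 02 2013 08:15:42 asa1 : %ASA-5-713120: Group = 192.0.2.10, IP = 192.0.2.10, PHASE 2 COMPLETED (msgid=1a2b3c4d)
Dec 17 2013 22:01:09 asa1 : %ASA-5-713120: Group = 198.51.100.20, IP = 198.51.100.20, PHASE 2 COMPLETED (msgid=5e6f7a8b)
Dec 18 2013 09:30:00 asa1 : %ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.99/443
Dec 18 2013 12:44:57 asa1 : %ASA-5-713120: Group = 198.51.100.20, IP = 198.51.100.20, PHASE 2 COMPLETED (msgid=9c0d1e2f)
"""

def last_connected(lines):
    """Return {peer_ip: datetime of the newest 713120 message seen}."""
    seen = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # other message IDs or lines in an unexpected layout
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
        if m["peer"] not in seen or ts > seen[m["peer"]]:
            seen[m["peer"]] = ts  # keep the newest, even if lines arrive out of order
    return seen

def report(peers, seen, now, max_idle=timedelta(days=30)):
    """One row per configured peer: (peer, last seen or None, status)."""
    rows = []
    for peer in peers:
        ts = seen.get(peer)
        if ts is None:
            status = "never seen"  # configured, but no Phase 2 in the log window
        elif now - ts > max_idle:
            status = "stale"
        else:
            status = "active"
        rows.append((peer, ts, status))
    return rows

if __name__ == "__main__":
    now = datetime(2013, 12, 18, 13, 21)  # fixed so the sample output is stable
    seen = last_connected(SAMPLE_LOG.splitlines())
    for peer, ts, status in report(CONFIGURED_PEERS, seen, now):
        print(f"{peer:<16} {ts or '-'!s:<20} {status}")
```

Iterating over the configured peer list rather than over the log is what surfaces tunnels that never appear in the log at all; "never seen" only means no Phase 2 within the retained log window.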
