Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Monitoring

Is there a way that I can monitor if a vpn tunnel is up or down? I know you can do sh cry isakmp sa or via the asdm but that does not alert me if a tunnel is up or down, or give me any historical data about the tunnel.

I tried via solarwinds but it only lets me monitor the interfaces and not the tunnels.

Does anyone know a good solution or maybe a custom app?

Thanks in advance

-E

9 REPLIES
New Member

Re: VPN Monitoring

That's what I want to know too! I know there are two snmp commands

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

I didnt test them yet. You may want to try it.

By the way, what kind of VPN are you using? I am updating my VPN from IPsec+GRE to DMVPN. Will these commands work on both kinds of VPN?

New Member

Re: VPN Monitoring

I am unning a pair of asa's with ipsec+GRE tunnels.

I tried both snmp commands and I could only impliment ipsec and not isakmp.

However I did find that cisco works has some monitoring tools included but I don't know the cost.

I would have thought there is an easy way.

I used to work for Siemens business services. Great company to work for.

Anonymous
N/A

Re: VPN Monitoring

E,

There are other tools on the market which can do what you are asking for,

~R

New Member

Re: VPN Monitoring

Do you know the names of the tools?

Cisco Employee

Re: VPN Monitoring

Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs. Links:

Security Manager:

http://www.cisco.com/go/csmanager

Performance Monitor User Guide:

http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html

Performance Monitor originates from the previous security managment product called CiscoWorks VMS and is currently not undergoing much further enhancement. We would like to introduce an updated security-related health and performance monitoring capability on-par with Security Manager, but no definite word yet.

Security Manager and Performance Monitor can be downloaded and used for up to 90 days for evaluation.

New Member

Re: VPN Monitoring

Does it also provide notifications if a tunnel goes down?

Cisco Employee

Re: VPN Monitoring

Yes, there is an event browser in the application GUI itself and also the ability to configure email, syslog, or SNMP trap notifications for changes in tunnel status.

New Member

Re: VPN Monitoring

Anyone tried NMIS or Cacti? Cacti looks like it will provide this. I am trying to get this working and can post if interested. We own CSM but have yet to figure out how to set it up to monitor devices.

New Member

Re: VPN Monitoring

Check

http://www.vpnttg.com/

Advantage   of VPNTTG over other SNMP based monitoring software’s is  following:   Other (commonly used) software’s are working with static OID  numbers,   i.e. whenever tunnel disconnects and reconnects, it gets  assigned a  new  OID number. This means that the historical data, gathered  on the   connection, is lost each time. However, VPNTTG works with VPN  peer’s  IP  address and it stores for each VPN tunnel historical  monitoring  data  into the SQL server and into the RRD (Round Robin  Database) file.

HTH

523
Views
3
Helpful
9
Replies
CreatePlease to create content