Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
339
Views
0
Helpful
4
Replies

Looking for a tracking solution for site to site VPN

Go to solution
ntuser2000
Level 1
Level 1

‎12-18-2013 09:16 AM

I need to track site to site VPN peer connectivity on a couple ASA5520s. What I would like is to be able to look at a list of all configured peers and see when each peer last successfully connected. I am open to suggestions.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎12-18-2013 01:21 PM

I would filter the ASA to send 713120 logs to a syslog server and write a script to show the informarion I need and dump it to a web page that gets updated, say hourly.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Karsten Iwen
VIP
VIP

‎12-18-2013 09:21 AM

You could use "ip sla" for that. Instead of tracking a route, you just monitor the reachability:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/route_static.html#wp1119813

--

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Jon Are Endrerud
Level 1
Level 1

‎12-18-2013 10:39 AM

You can use snmp to monitor ipsec values. PRTG from passler monitor 70 sites for bandwidth, uptime, downtime and active users at my company.

Sent from Cisco Technical Support iPhone App

Please rate as helpful, if that would be the case. Thanx
0 Helpful

Go to solution
ntuser2000
Level 1
Level 1
In response to Jon Are Endrerud

‎12-18-2013 11:37 AM

Thanks but not really what I need. I am not looking to verify a tunnel is up but more track when they last connected. I am thinking doing something like tracking "Phase2 complete" (713120) Syslog messgaes and finding a way to timestamp a list of peers when those messages are seen to create a running log of when each peer last connected. What I want to do is determine which tunnels have not been used for extended periods of time.

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎12-18-2013 01:21 PM

I would filter the ASA to send 713120 logs to a syslog server and write a script to show the informarion I need and dump it to a web page that gets updated, say hourly.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents