Picking at an old topic here. We have a PRTG installation for monitoring, but it can't handle all IPSec via SNMP.
How do you monitor IPSec connections on ASA, and alert on them? Tools, scripts, anything...
Check these links, they might help you.
I was unaware of Security Manager until now, I'll have to give it a try.
The SNMP approach adds additional manual steps, since the OID changes when the tunnel re-keys. One would have to look up the new value, and then change the monitoring to poll the new OID. This could potentially give false alerts in the time span between a new OID and script execution. I might have approached it the wrong way, so is there someone who has this running?
Yes, I did look at the IP_SEC_FLOW_MONITOR mib, and the output is like this ->
Where cikeTunStatus = 18.104.22.168.22.214.171.124.126.96.36.199.1.+(TUNNEL OID = 12820480). When the tunnel flaps or re-keys the OID changes. I can look up the remote peer IP in multiple places to get the new OID, but some automation would have to look up the new value and update the entire OID in the monitoring software.
I'm trying Cisco Security Manager, but the installer takes forever. VPNTTG is able to provide the correct output (haven't tried it, but they promise that it can do the job).
I'm not sure how they handle the OID, but SolarWinds NPM seems to work fine at monitoring IPsec VPNs.
CSM wouldn't be a good strategic investment in my opinion. I wouldn't be surprised to see it retired in the next year or two.
I agree that CSM wouldn't be a viable solution - did Prime Security Manager provide this feature, despite that it's EOL, in favor of FMC on FTD?
How does NPM handle the dynamic OID?
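One way to deal with the index moving on re-key, as an added example that is not from any poster or vendor tool in this thread: walk the cikeTunRemoteValue column, find the row whose value is the peer you care about, and only then build the cikeTunStatus OID for that row. The column numbers (.6 for cikeTunRemoteValue, .35 for cikeTunStatus under 1.3.6.1.4.1.9.9.171.1.2.3.1) are assumed from CISCO-IPSEC-FLOW-MONITOR-MIB; the walk output, peer addresses and the second index are constructed, only 12820480 comes from the thread.

```python
import re

# cikeTunnelTable entry in CISCO-IPSEC-FLOW-MONITOR-MIB; column numbers are assumed.
CIKE_TUNNEL_ENTRY = "1.3.6.1.4.1.9.9.171.1.2.3.1"
CIKE_TUN_REMOTE_VALUE = CIKE_TUNNEL_ENTRY + ".6"   # remote peer address column
CIKE_TUN_STATUS = CIKE_TUNNEL_ENTRY + ".35"        # active(1) / destroy(2)
ACTIVE = "1"

# Constructed `snmpwalk -On` output before and after a re-key: the peer 203.0.113.10
# keeps its address, but its row index moves from 12820480 to 12820482.
WALK_BEFORE = """\
.1.3.6.1.4.1.9.9.171.1.2.3.1.6.12820480 = STRING: "203.0.113.10"
.1.3.6.1.4.1.9.9.171.1.2.3.1.6.12820481 = STRING: "198.51.100.7"
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12820480 = INTEGER: 1
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12820481 = INTEGER: 1
"""
WALK_AFTER = """\
.1.3.6.1.4.1.9.9.171.1.2.3.1.6.12820481 = STRING: "198.51.100.7"
.1.3.6.1.4.1.9.9.171.1.2.3.1.6.12820482 = STRING: "203.0.113.10"
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12820481 = INTEGER: 1
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12820482 = INTEGER: 1
"""

LINE_RE = re.compile(r'^\.?(\S+)\.(\d+) = \w+: "?([^"]*)"?$')

def parse_walk(text):
    """Turn numeric snmpwalk lines into {column_oid: {row_index: value}}."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            col, idx, val = m.groups()
            table.setdefault(col, {})[int(idx)] = val
    return table

def status_oid_for_peer(table, peer):
    """Resolve the *current* cikeTunStatus OID for a peer; None if no IKE SA row exists."""
    for idx, addr in table.get(CIKE_TUN_REMOTE_VALUE, {}).items():
        if addr == peer:
            return f"{CIKE_TUN_STATUS}.{idx}"
    return None

def check_peer(table, peer):
    """Return ('up'|'down', resolved_oid). A missing row is reported as down."""
    oid = status_oid_for_peer(table, peer)
    if oid is None:
        return "down", None
    idx = int(oid.rsplit(".", 1)[1])
    status = table.get(CIKE_TUN_STATUS, {}).get(idx)
    return ("up" if status == ACTIVE else "down"), oid
```

In practice the walk text comes from `snmpwalk -On -v2c -c <community> <asa> 1.3.6.1.4.1.9.9.171.1.2.3.1` on each poll, so the index is re-resolved every cycle instead of being hard-coded in the monitoring tool.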
We do it out of the box: from Linux we connect to the ASA, get the output and graph it using an Elastic dashboard.
Example as below (poll every 5 min, get the details and make a graph):
sh vpn-sessiondb detail anyconnect