cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2949
Views
0
Helpful
8
Replies
Highlighted
Beginner

How do you monitor your IPSec connections??

Picking at an old topic here. We have a PRTG installation for monitoring, but It can't handle all IPSec via SNMP.

 

How do you monitor IPSec connections on ASA, and alert on them? Tools, scripts, anything...

 

Best regards,

 

Michael

8 REPLIES 8
Highlighted
VIP Advocate

Highlighted

I was unaware of Security Manager until now, I'll have to give it a try.

 

The snmp approach adds additional manual steps, since the OID changes when the tunnel re-keys. One would have to lookup the new value, and then change the monitoring to poll the new OID. This could potential give false alerts in the time span between a new OID and script execution. I might have approached it the wrong why. so there could be someone who has this running?

Highlighted
VIP Advisor

Highlighted

Yes, I did look at the IP_SEC_FLOW_MONITOR mib, and the output is like this ->

cikeTunStatus.12640256 active(1)
cikeTunStatus.12787712 active(1)
cikeTunStatus.12800000 active(1)
cikeTunStatus.12808192 active(1)
cikeTunStatus.12820480 active(1)
cikeTunStatus.12865536 active(1)

 

 

 

 

Where cikeTunStatus = 1.3.6.1.4.1.9.9.171.1.2.3.1.+(TUNNEL OID = 12820480). when the tunnel flaps or re-keys den OID changes. I can lookup the remote peer IP multiple places, to get the new OID, but some automation would have to lookup the new value, and update en entire OID in the monitoring software.

 

I'm trying Cisco security manager, but the installer takes forever. VPNTTG is able to provide the correct output (havn't tried it, but they promise that it can do the job)

Highlighted

I'm not sure how they handle the OID, but SolarWinds NPM seems to work fine at monitoring IPsec VPNs.

 

CSM wouldn't be a good strategic investment in my opinion. I wouldn't be surprised to see it retired in the next year or two.

Highlighted

Agreed Marvin. I use solarwinds and using universal device poller you
schedule polling intervals for any OID and display it on chart
Highlighted

I agree, that CSM wouldn't be a viable solution - did Prime Security Manager provide this feature, despite that it's EOL, in favor for FMC on FTD?

 

How does NPM handle the dynamic OID?

Highlighted
VIP Expert

We do out of the box using Linux connect to ASA and get the out and graph them using elastic dash board.

 

Example as below : ( poll every 5min and get the details and make a graph)

 

sh vpn-sessiondb detail anyconnect



BB


*** Rate All Helpful Responses ***

Content for Community-Ad