cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2959
Views
0
Helpful
2
Replies
Soren Hansen
Beginner

Monitor pki certificate status via snmp

I recently discovered that a number of our remote sites could not connect to each other via dmvpn due to various certificate problems.

They could all connect to our hubs due to pre shared keys, so the problem was never discovered before a colleague discovered MM_KEY_EXCH states on some of the routers.

I therefore want to monitor the state of the certificates, preferably via snmp.

I found a nice looking mib,CISCO-PKI-PARTICIPATION-MIB, on http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.505

but none of our routers seem to support it, and when you click on "view supporting images", it also specifies: "There is no supporting images available for

CISCO-PKI-PARTICIPATION-MIB"

Do you have any experience on how to monitor certificate status on your Cisco routers?

2 REPLIES 2
nativevlan
Enthusiast

I know this is an old post but we're looking for the same thing, did you find a way to do this for your routers or ASA devices (if you have any)?

No real solution. I found that they all needed to connect to one specific router, so I fire off "show crypto isakmp sa | inc MM_KEY_EXCH" on that specific router via our management platform, and receive a mail with the output on a daily basis.

Create
Recognize Your Peers
Content for Community-Ad