VPN Monitoring

elovelace256 · ‎08-16-2007

Is there a way that I can monitor if a vpn tunnel is up or down? I know you can do sh cry isakmp sa or via the asdm but that does not alert me if a tunnel is up or down, or give me any historical data about the tunnel.

I tried via solarwinds but it only lets me monitor the interfaces and not the tunnels.

Does anyone know a good solution or maybe a custom app?

Thanks in advance

-E

Difan Zhao · ‎08-16-2007

That's what I want to know too! I know there are two snmp commands

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

I didnt test them yet. You may want to try it.

By the way, what kind of VPN are you using? I am updating my VPN from IPsec+GRE to DMVPN. Will these commands work on both kinds of VPN?

elovelace256 · ‎08-16-2007

I am unning a pair of asa's with ipsec+GRE tunnels.

I tried both snmp commands and I could only impliment ipsec and not isakmp.

However I did find that cisco works has some monitoring tools included but I don't know the cost.

I would have thought there is an easy way.

I used to work for Siemens business services. Great company to work for.

Report Inappropriate Content · ‎08-17-2007

E,

There are other tools on the market which can do what you are asking for,

~R

elovelace256 · ‎08-29-2007

Do you know the names of the tools?

beecher · ‎08-31-2007

Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs. Links:

Security Manager:

http://www.cisco.com/go/csmanager

Performance Monitor User Guide:

http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html

Performance Monitor originates from the previous security managment product called CiscoWorks VMS and is currently not undergoing much further enhancement. We would like to introduce an updated security-related health and performance monitoring capability on-par with Security Manager, but no definite word yet.

Security Manager and Performance Monitor can be downloaded and used for up to 90 days for evaluation.

elovelace256 · ‎08-31-2007

Does it also provide notifications if a tunnel goes down?

beecher · ‎08-31-2007

Yes, there is an event browser in the application GUI itself and also the ability to configure email, syslog, or SNMP trap notifications for changes in tunnel status.

khinze · ‎09-13-2007

Anyone tried NMIS or Cacti? Cacti looks like it will provide this. I am trying to get this working and can post if interested. We own CSM but have yet to figure out how to set it up to monitor devices.

merabtavart · ‎07-22-2011

Check

http://www.vpnttg.com/

Advantage of VPNTTG over other SNMP based monitoring software’s is following: Other (commonly used) software’s are working with static OID numbers, i.e. whenever tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data, gathered on the connection, is lost each time. However, VPNTTG works with VPN peer’s IP address and it stores for each VPN tunnel historical monitoring data into the SQL server and into the RRD (Round Robin Database) file.

HTH