Is there a way that I can monitor if a VPN tunnel is up or down? I know you can do sh cry isakmp sa or via the ASDM, but that does not alert me if a tunnel is up or down, or give me any historical data about the tunnel.
I tried via SolarWinds but it only lets me monitor the interfaces and not the tunnels.
Does anyone know a good solution or maybe a custom app?
Thanks in advance
That's what I want to know too! I know there are two SNMP commands
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
I didn't test them yet. You may want to try it.
By the way, what kind of VPN are you using? I am updating my VPN from IPsec+GRE to DMVPN. Will these commands work on both kinds of VPN?
I am running a pair of ASAs with IPsec+GRE tunnels.
I tried both SNMP commands and I could only implement ipsec and not isakmp.
However, I did find that CiscoWorks has some monitoring tools included, but I don't know the cost.
I would have thought there is an easy way.
I used to work for Siemens business services. Great company to work for.
Included with Cisco Security Manager is an application called Performance Monitor, which supports the monitoring of remote-access and site-to-site VPNs. Links:
Performance Monitor User Guide:
Performance Monitor originates from the previous security management product called CiscoWorks VMS and is currently not undergoing much further enhancement. We would like to introduce an updated security-related health and performance monitoring capability on par with Security Manager, but no definite word yet.
Security Manager and Performance Monitor can be downloaded and used for up to 90 days for evaluation.
Yes, there is an event browser in the application GUI itself and also the ability to configure email, syslog, or SNMP trap notifications for changes in tunnel status.
Anyone tried NMIS or Cacti? Cacti looks like it will provide this. I am trying to get this working and can post if interested. We own CSM but have yet to figure out how to set it up to monitor devices.
The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.
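An added example, not part of the thread and not VPNTTG's code: keying tunnel history by peer IP address instead of the per-session table index, so a reconnect that changes the index still lands in the same series and a missing peer produces a down event. The snmpwalk-style lines, the peer inventory and the use of the cikeTunRemoteValue column are constructed assumptions.

```python
import re

# Constructed snmpwalk-style output (not from a real device). Using the
# cikeTunRemoteValue column of CISCO-IPSEC-FLOW-MONITOR-MIB is an assumption;
# the thread does not name a MIB.
POLL_1 = '''\
CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunRemoteValue.12 = STRING: "203.0.113.10"
CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunRemoteValue.13 = STRING: "198.51.100.7"
'''
# Second poll: the first peer reconnected under a new index, the second is gone.
POLL_2 = '''\
CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunRemoteValue.27 = STRING: "203.0.113.10"
'''
EXPECTED_PEERS = {"203.0.113.10", "198.51.100.7"}  # constructed inventory

LINE_RE = re.compile(r'cikeTunRemoteValue\.(\d+) = STRING: "([^"]+)"')

def parse_walk(text):
    """Return {peer_ip: tunnel_index} from snmpwalk-style text."""
    return {m.group(2): int(m.group(1)) for m in LINE_RE.finditer(text)}

def record_poll(history, timestamp, walk_text, expected=EXPECTED_PEERS):
    """Append one sample per expected peer; return the state-change events."""
    seen = parse_walk(walk_text)
    events = []
    for peer in sorted(expected):
        state = "up" if peer in seen else "down"
        samples = history.setdefault(peer, [])
        previous = samples[-1][1] if samples else None
        # The index is stored only as an attribute; the series key is the peer IP.
        samples.append((timestamp, state, seen.get(peer)))
        if previous is not None and previous != state:
            events.append((timestamp, peer, previous, state))
    return events

def demo():
    history = {}
    first = record_poll(history, 1000, POLL_1)
    second = record_poll(history, 1060, POLL_2)
    return history, first, second

if __name__ == "__main__":
    history, first, second = demo()
    for event in first + second:
        print("state change: t=%s peer=%s %s -> %s" % event)
    for peer, samples in sorted(history.items()):
        print(peer, samples)
```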