Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2360
Views
0
Helpful
0
Replies

How to monitor VPN Sessions with SNMP?

mthomaz
Level 1
Level 1

‎06-06-2018 04:03 PM - edited ‎03-12-2019 05:21 AM

I am trying to monitor the VPN connection on my ASA 5520. The goal here is to create an alert with NAGIOS that, if a specific VPN goes down, send me an email.

 

I, however, can't make it work. I am using the following:

snmpwalk -v 2c public -H 192.168.1.1 -o 1.3.6.1.4.1.9.9.171.1.2.1.1

 

What I get in return is:

Configuration directives understood:
  In snmpwalk.conf and snmpwalk.local.conf:
    includeRequested         (1|yes|true|0|no|false)
    excludeRequested         (1|yes|true|0|no|false)
    printStatistics          (1|yes|true|0|no|false)
    dontCheckOrdering        (1|yes|true|0|no|false)
    timeResults              (1|yes|true|0|no|false)
    timeResultsSingle        (1|yes|true|0|no|false)
  In snmp.conf and snmp.local.conf:
    extraX509SubDir          string
    x509CRLFile              string
    tlsAlgorithms            string
    localCert                string
    peerCert                 string
    alias                    NAME TRANSPORT_DEFINITION
    doDebugging              (1|0)
    debugTokens              token[,token...]
    logTimestamp             (1|yes|true|0|no|false)
    logOption                string
    mibdirs                  [mib-dirs|+mib-dirs|-mib-dirs]
    mibs                     [mib-tokens|+mib-tokens]
    mibfile                  mibfile-to-read
    showMibErrors            (1|yes|true|0|no|false)
    commentToEOL             (1|yes|true|0|no|false)
    strictCommentTerm        (1|yes|true|0|no|false)
    mibAllowUnderline        (1|yes|true|0|no|false)
    mibWarningLevel          integerValue
    mibReplaceWithLatest     (1|yes|true|0|no|false)
    printNumericEnums        (1|yes|true|0|no|false)
    printNumericOids         (1|yes|true|0|no|false)
    escapeQuotes             (1|yes|true|0|no|false)
    dontBreakdownOids        (1|yes|true|0|no|false)
    quickPrinting            (1|yes|true|0|no|false)
    numericTimeticks         (1|yes|true|0|no|false)
    oidOutputFormat          integerValue
    suffixPrinting           integerValue
    extendedIndex            (1|yes|true|0|no|false)
    printHexText             (1|yes|true|0|no|false)
    printValueOnly           (1|yes|true|0|no|false)
    dontPrintUnits           (1|yes|true|0|no|false)
    hexOutputLength          integerValue
    dumpPacket               (1|yes|true|0|no|false)
    reverseEncodeBER         (1|yes|true|0|no|false)
    defaultPort              integerValue
    defCommunity             string
    noTokenWarnings          (1|yes|true|0|no|false)
    noRangeCheck             (1|yes|true|0|no|false)
    persistentDir            string
    tempFilePattern          string
    noDisplayHint            (1|yes|true|0|no|false)
    16bitIDs                 (1|yes|true|0|no|false)
    clientaddr               string
    clientaddrUsesPort       (1|yes|true|0|no|false)
    serverSendBuf            integerValue
    serverRecvBuf            integerValue
    clientSendBuf            integerValue
    clientRecvBuf            integerValue
    noPersistentLoad         (1|yes|true|0|no|false)
    noPersistentSave         (1|yes|true|0|no|false)
    noContextEngineIDDiscovery (1|yes|true|0|no|false)
    timeout                  integerValue
    retries                  integerValue
    defDomain                application domain
    defTarget                application domain target
    dontLoadHostConfig       (1|yes|true|0|no|false)
    defSecurityModel         string
    tsmUseTransportPrefix    (1|yes|true|0|no|false)
    defAuthType              MD5|SHA
    defPrivType              DES|AES
    defSecurityName          string
    defContext               string
    defPassphrase            string
    defAuthPassphrase        string
    defPrivPassphrase        string
    defAuthMasterKey         string
    defPrivMasterKey         string
    defAuthLocalizedKey      string
    defPrivLocalizedKey      string
    defVersion               1|2c|3
    defSecurityLevel         noAuthNoPriv|authNoPriv|authPriv
    trustCert                trustCert FINGERPRINT|FILENAME
  In snmpapp.conf and snmpapp.local.conf:
    defDomain                application domain
    defTarget                application domain target
    engineID                 string
    engineIDType             num
    engineIDNic              string

 

How can I get the SNMP working in a way that it returns me if a specific VPN (based on the peer IP Address maybe?) is UP or NOT?

 

Thanks in advance!

 

UPDATE:

I managed to get the number of IPSEC connections...

snmpwalk -v 2c public -H 192.168.1.1 -o 1.3.6.1.4.1.9.9.392.1.3.26.0

 

... However, what I need is to see if a specific Site-To-Site IKEv2 VPN is up or down.

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents