I am trying to monitor the VPN connection on my ASA 5520. The goal here is to create an alert with Nagios that sends me an email if a specific VPN goes down.
I, however, can't make it work. I am using the following:
snmpwalk -v 2c public -H 192.168.1.1 -o 1.3.6.1.4.1.9.9.171.1.2.1.1
What I get in return is:
Configuration directives understood:
In snmpwalk.conf and snmpwalk.local.conf:
includeRequested (1|yes|true|0|no|false)
excludeRequested (1|yes|true|0|no|false)
printStatistics (1|yes|true|0|no|false)
dontCheckOrdering (1|yes|true|0|no|false)
timeResults (1|yes|true|0|no|false)
timeResultsSingle (1|yes|true|0|no|false)
In snmp.conf and snmp.local.conf:
extraX509SubDir string
x509CRLFile string
tlsAlgorithms string
localCert string
peerCert string
alias NAME TRANSPORT_DEFINITION
doDebugging (1|0)
debugTokens token[,token...]
logTimestamp (1|yes|true|0|no|false)
logOption string
mibdirs [mib-dirs|+mib-dirs|-mib-dirs]
mibs [mib-tokens|+mib-tokens]
mibfile mibfile-to-read
showMibErrors (1|yes|true|0|no|false)
commentToEOL (1|yes|true|0|no|false)
strictCommentTerm (1|yes|true|0|no|false)
mibAllowUnderline (1|yes|true|0|no|false)
mibWarningLevel integerValue
mibReplaceWithLatest (1|yes|true|0|no|false)
printNumericEnums (1|yes|true|0|no|false)
printNumericOids (1|yes|true|0|no|false)
escapeQuotes (1|yes|true|0|no|false)
dontBreakdownOids (1|yes|true|0|no|false)
quickPrinting (1|yes|true|0|no|false)
numericTimeticks (1|yes|true|0|no|false)
oidOutputFormat integerValue
suffixPrinting integerValue
extendedIndex (1|yes|true|0|no|false)
printHexText (1|yes|true|0|no|false)
printValueOnly (1|yes|true|0|no|false)
dontPrintUnits (1|yes|true|0|no|false)
hexOutputLength integerValue
dumpPacket (1|yes|true|0|no|false)
reverseEncodeBER (1|yes|true|0|no|false)
defaultPort integerValue
defCommunity string
noTokenWarnings (1|yes|true|0|no|false)
noRangeCheck (1|yes|true|0|no|false)
persistentDir string
tempFilePattern string
noDisplayHint (1|yes|true|0|no|false)
16bitIDs (1|yes|true|0|no|false)
clientaddr string
clientaddrUsesPort (1|yes|true|0|no|false)
serverSendBuf integerValue
serverRecvBuf integerValue
clientSendBuf integerValue
clientRecvBuf integerValue
noPersistentLoad (1|yes|true|0|no|false)
noPersistentSave (1|yes|true|0|no|false)
noContextEngineIDDiscovery (1|yes|true|0|no|false)
timeout integerValue
retries integerValue
defDomain application domain
defTarget application domain target
dontLoadHostConfig (1|yes|true|0|no|false)
defSecurityModel string
tsmUseTransportPrefix (1|yes|true|0|no|false)
defAuthType MD5|SHA
defPrivType DES|AES
defSecurityName string
defContext string
defPassphrase string
defAuthPassphrase string
defPrivPassphrase string
defAuthMasterKey string
defPrivMasterKey string
defAuthLocalizedKey string
defPrivLocalizedKey string
defVersion 1|2c|3
defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
trustCert trustCert FINGERPRINT|FILENAME
In snmpapp.conf and snmpapp.local.conf:
defDomain application domain
defTarget application domain target
engineID string
engineIDType num
engineIDNic string
How can I get SNMP working so that it tells me whether a specific VPN (based on the peer IP address, maybe?) is UP or not?
Thanks in advance!
UPDATE:
I managed to get the number of IPsec connections...
snmpwalk -v 2c public -H 192.168.1.1 -o 1.3.6.1.4.1.9.9.392.1.3.26.0
... However, what I need is to see if a specific Site-To-Site IKEv2 VPN is up or down.
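
One way to build the per-peer check the post asks for, as an added example that is not part of the original post. It assumes the ASA lists active IKE tunnels in cikeTunnelTable of the same Cisco MIB the post queries, with the peer address as a string in cikeTunRemoteValue (column 7); the function names, sample addresses and sample output are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: Nagios-style check for one VPN peer.
# Assumption: the ASA lists active IKE tunnels in cikeTunnelTable and
# cikeTunRemoteValue (column 7) carries the peer address as a string.
CIKE_TUN_REMOTE_VALUE=1.3.6.1.4.1.9.9.171.1.2.3.1.7

# Constructed sample of `snmpwalk -On` output (documentation addresses).
SAMPLE='.1.3.6.1.4.1.9.9.171.1.2.3.1.7.4096 = STRING: "203.0.113.10"
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.8192 = STRING: "198.51.100.7"'

# peer_is_up PEER
# Reads snmpwalk output on stdin; succeeds only if some row's value equals
# PEER exactly, so 203.0.113.1 does not match 203.0.113.10.
peer_is_up() {
    awk -v peer="$1" -F' = ' '
        { v = $2; sub(/^[A-Za-z-]+: /, "", v); gsub(/"/, "", v) }
        v == peer { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_vpn HOST COMMUNITY PEER
# Prints a Nagios status line and returns the matching plugin exit code.
# snmpwalk syntax: -c takes the community; host and OID are positional.
check_vpn() {
    out=$(snmpwalk -v 2c -c "$2" -On "$1" "$CIKE_TUN_REMOTE_VALUE" 2>&1) || {
        echo "UNKNOWN - SNMP query to $1 failed"
        return 3
    }
    if printf '%s\n' "$out" | peer_is_up "$3"; then
        echo "OK - IKE tunnel to $3 is up"
        return 0
    fi
    echo "CRITICAL - no IKE tunnel to $3"
    return 2
}

# Run as a plugin only when called with HOST COMMUNITY PEER.
if [ "$#" -eq 3 ]; then
    check_vpn "$@"
    exit $?
fi
```

A row exists in the tunnel table only while the tunnel is established, so a missing peer maps to CRITICAL and a failed SNMP query to UNKNOWN.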