831 VPN "active" OID

cbudzak · ‎03-02-2005

Does anyone have the OID for when a VPN connection is "active" on an 831? I'm using EzVPN. Is there an OID for IPSEC connection status?

I want to incorporate an IOD into MRTG or Big Brother for tracking up/downtime on a VPN connection.

mhussein · ‎03-02-2005

These oid's may be helpful

1.3.6.1.4.1.9.9.171.1.2.1.1 cikeGlobalActiveTunnels

1.3.6.1.4.1.9.9.171.1.3.1.1 cipSecGlobalActiveTunnels

Or you can snmpwalk this mib:

ciscoIpSecFlowMonitorMIB 1.3.6.1.4.1.9.9.171

which is supported by the 831 router, and look for the specific oid that you need.

If you find this helpful, please share your findings.

Regards,

Mustafa

phatsushi · ‎03-03-2005

Mustafa,

I find that when a tunnel sa goes down or expires, the index instance, the value of that tunnel session, changes. So if I use this OID to monitor this active tunnel, and it bounces, our nms is still monitoring the old instance value. We have to manually initiate a rediscovery. Besides upgrading our nms, (I wish), do you have any other suggestions.

Thank you!

TC

cbudzak · ‎03-03-2005

I'm monitoring:

1.3.6.1.4.1.9.9.171.1.2.1.1.0

and

1.3.6.1.4.1.9.9.171.1.3.1.1.0

These OIDs don't change on my 831 and seem to be pretty reliable for determining ike and ipsec status respectively. I'm initiating an EzVPN connection from my 831 to a 3080.

cbudzak · ‎03-03-2005

That seems to be right on the money. Thank you! I'm going to have hours of fun trying to figure out what all these values mean under "ciscoIpSecFlowMonitorMIB "