
Cisco ASA VPN monitoring Question

rene.schmid
Beginner

Hello Support Community,

I have a question regarding the monitoring of VPN sessions. We have an ASA 5515-X cluster with some LAN2LAN VPN tunnels and with about 50 default LAN2LAN tunnels. That means that at 50 remote sites we do not have a fixed public IP address; we work with 4G routers and IPSec tunnels. We now want to monitor the established IPSec VPN tunnels with PRTG or Ipswitch WhatsUp Gold to see the actual public IP address and the remote network.

In a troubleshooting case it's very difficult for our NOC to log into the ASA and look at each established IPSec tunnel to find the correct one.

Does anyone have an idea?

Thanks for help.

Rene

1 Reply

Marvin Rhoads
VIP Community Legend

With a little bit of regular expression you can grab the information you need from the CLI.

show crypto ipsec sa | i remote ident|current_peer

If they want to find a specific tunnel, then instead of the "remote ident" field use a unique remote subnet at a given site.

I don't think this can be gotten easily via SNMP polling.
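
Added example, not part of the original reply: a Python sketch that turns the filtered output of the command above into a lookup from current public peer IP to remote network, so the NOC can find a site's tunnel by any inside address. The sample output is constructed with documentation addresses, and the script assumes IPv4 and that each "remote ident" line is followed by its "current_peer" line; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of the filtered output (documentation addresses, not real peers).
SAMPLE_OUTPUT = """\
      remote ident (addr/mask/prot/port): (10.20.1.0/255.255.255.0/0/0)
      current_peer: 198.51.100.23
      remote ident (addr/mask/prot/port): (10.20.2.0/255.255.255.0/0/0)
      current_peer: 203.0.113.77
      remote ident (addr/mask/prot/port): (10.20.3.0/255.255.255.128/0/0)
      current_peer: 203.0.113.77
"""

REMOTE_RE = re.compile(r"remote ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/\d+/\d+\)")
PEER_RE = re.compile(r"current_peer:\s*([\d.]+)")


def parse_tunnels(text):
    """Return {peer public IP: [remote networks]} from the filtered CLI output."""
    tunnels = defaultdict(list)
    pending = None  # remote ident waiting for its current_peer line
    for line in text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            pending = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            continue
        m = PEER_RE.search(line)
        if m and pending is not None:
            peer = str(ipaddress.ip_address(m.group(1)))
            if pending not in tunnels[peer]:
                tunnels[peer].append(pending)
            pending = None
    return dict(tunnels)


def find_peer(tunnels, site_ip):
    """Return the public peer IP whose remote network contains site_ip, or None."""
    addr = ipaddress.ip_address(site_ip)
    for peer, networks in tunnels.items():
        if any(addr in net for net in networks):
            return peer
    return None


if __name__ == "__main__":
    for peer, nets in parse_tunnels(SAMPLE_OUTPUT).items():
        print(peer, ", ".join(str(n) for n in nets))
```
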
