10-14-2023 10:07 PM
I need to monitor Cisco ASA 5516 IPsec tunnels. While checking, I could see that I can capture only the OID values of active tunnels, but I am unable to capture which tunnel is going from active to inactive. Is there any way to capture which tunnel is moving from active to inactive?
If I capture active tunnel details using the OID while monitoring, I am unable to capture which tunnel is going inactive, because it fetches only active tunnel details. If I could fetch both active and inactive tunnels with their status (up or down), I could create an alert when a tunnel goes down.
Is there any other way to monitor the active and inactive tunnels on the Cisco ASA 5516 firewall?
Please help me with this.
10-15-2023 12:51 AM
Personally this never worked for me; when I tried it, I did not get the results I expected.
So I had to stick with SNMP traps or log messages and send alerts based on those.
You may look at this thread, which is marked resolved. It was not clear whether it was solved based on the OID (for my solution I stuck with traps).
https://community.cisco.com/t5/network-security/monitoring-asa-ipsec-using-snmp/td-p/4424341
10-17-2023 01:21 AM
Thanks Balaji
10-15-2023 03:15 AM
10-15-2023 04:33 AM
Hello @satheesh2908,
There are SNMP OIDs that allow you to monitor IPsec tunnels. The OID for IPsec SA status is in CISCO-IPSEC-FLOW-MONITOR-MIB (OID: 1.3.6.1.4.1.9.9.171).
-- cipSecTunStatus: OID 1.3.6.1.4.1.9.9.171.1.2.3.1.3
This OID provides the status of the IPsec tunnel (1 for up, 2 for down).
https://oidref.com/1.3.6.1.4.1.9.9.171
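An added example, not code from the thread, showing how a poller can still raise an alert with this MIB even though the table lists only live SAs: the original poster observed that a tunnel simply "goes away" from the table when it becomes inactive, so the poller diffs two consecutive walks and treats a peer that vanished as down. The rows are keyed on the remote peer address rather than the table index, because the index is reassigned when a tunnel re-establishes (a later reply in this thread makes the same point). The `snmpwalk`-style lines, the column OID (assumed here to be `cipSecTunRemoteAddr`, ...171.1.3.2.1.5) and the row indexes are constructed for illustration.

```python
"""Detect IPsec tunnels that drop out of the ASA's SNMP tunnel table.

Added example, not from the thread. Assumption: rows in the
CISCO-IPSEC-FLOW-MONITOR-MIB tunnel table exist only while the SA is
alive, so a tunnel that became inactive disappears between two polls
instead of reporting a "down" value. We detect that by diffing
consecutive snapshots keyed on the remote peer address, not on the
table index, since the index changes when a tunnel re-establishes.
"""
import re

# Constructed snmpwalk-style output for two consecutive polls.  The
# column OID (...171.1.3.2.1.5, assumed to be cipSecTunRemoteAddr) and
# the row indexes are illustrative assumptions, not captured data.
POLL_1 = """\
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.5.101 = IpAddress: 203.0.113.10
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.5.102 = IpAddress: 203.0.113.20
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.5.103 = IpAddress: 198.51.100.7
"""
POLL_2 = """\
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.5.101 = IpAddress: 203.0.113.10
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.5.104 = IpAddress: 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<oid>\S+)\.(?P<index>\d+) = IpAddress: (?P<ip>[\d.]+)$")


def parse_walk(text):
    """Return {peer_ip: row_index} for one walk of the remote-address column."""
    rows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows[m.group("ip")] = int(m.group("index"))
    return rows


def diff_polls(prev, curr):
    """Compare two snapshots keyed on peer IP.

    Returns (went_inactive, came_up, reindexed): peers that vanished,
    peers that appeared, and peers still present but under a new index
    (a tunnel that flapped and re-established between the two polls).
    """
    went_inactive = sorted(set(prev) - set(curr))
    came_up = sorted(set(curr) - set(prev))
    reindexed = sorted(ip for ip in set(prev) & set(curr) if prev[ip] != curr[ip])
    return went_inactive, came_up, reindexed


def alerts_for(prev_text, curr_text):
    """Turn two raw walks into the alert strings a poller would emit."""
    gone, new, flapped = diff_polls(parse_walk(prev_text), parse_walk(curr_text))
    msgs = [f"ALERT tunnel to {ip} is no longer in the SA table" for ip in gone]
    msgs += [f"INFO tunnel to {ip} re-established (new SNMP index)" for ip in flapped]
    msgs += [f"INFO new tunnel to {ip}" for ip in new]
    return msgs


if __name__ == "__main__":
    for msg in alerts_for(POLL_1, POLL_2):
        print(msg)
```

Run it on the two constructed polls and it reports 203.0.113.20 as gone and 198.51.100.7 as re-established under a new index; a poller that compared indexes instead of peer addresses would have raised a false "down" for 198.51.100.7 and missed nothing else only by luck. The poll interval bounds the detection delay, which is why the trap/syslog approach in the other replies is the better primary signal.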
10-17-2023 01:23 AM
Yes, that's correct, but here I want to capture when the tunnel goes inactive, not down. If I monitor based on the above, the entry went away when the tunnel became inactive; it does not show as down.
10-17-2023 01:37 AM
@satheesh2908 to determine when a tunnel goes from active to inactive, create a filter on a syslog ID on the ASA and send that event to your NMS and use that to alert you.
Example syslog IDs:
%ASA-3-713123: Group = 3.3.3.1, IP = 3.3.3.1, IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
%ASA-5-713259: Group = 3.3.3.1, IP = 3.3.3.1, Session is being torn down. Reason: Lost Service
%ASA-4-113019: Group = 3.3.3.1, Username = 3.3.3.1, IP = 3.3.3.1, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:19m:14s, Bytes xmt: 7500, Bytes rcv: 7500, Reason: Lost Service
Example ASA logging filtering guide - https://integratingit.wordpress.com/2023/02/09/asa-logging/
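An added example, not code from the thread, of the detection logic an NMS or SIEM rule would run on the three syslog IDs quoted above. It extracts the peer IP and the stated reason, and collapses the burst of messages the ASA emits for one teardown (713123, 713259 and 113019 all refer to the same peer in the post) into a single alert per peer. The log lines are constructed from the post's examples; the timestamp and hostname prefix is an assumption about how the ASA's syslog export is formatted.

```python
"""Raise one tunnel-down event per peer from ASA syslog teardown messages.

Added example, not from the thread. Matches the three message IDs quoted
in the post (713123, 713259, 113019). The sample log is constructed from
the post's examples; the "Oct 17 2023 ... asa5516" prefix is an assumed
syslog export format.
"""
import re

# Message IDs that indicate a LAN-to-LAN session going away, with a
# fallback reason for IDs that carry no explicit "Reason:" field.
TEARDOWN_IDS = {
    "713123": "IKE lost contact with peer (DPD)",
    "713259": "session torn down",
    "113019": "session disconnected",
}

MSG_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)$")
IP_RE = re.compile(r"\bIP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
REASON_RE = re.compile(r"Reason: (?P<reason>[^,]+)")

# Constructed sample: one unrelated connection message, a three-message
# teardown burst for peer 3.3.3.1, and a single 113019 for another peer.
SAMPLE_LOG = """\
Oct 17 2023 01:30:01 asa5516 %ASA-6-302013: Built outbound TCP connection 1 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.0.0.5/51234 (10.0.0.5/51234)
Oct 17 2023 01:30:12 asa5516 %ASA-3-713123: Group = 3.3.3.1, IP = 3.3.3.1, IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
Oct 17 2023 01:30:12 asa5516 %ASA-5-713259: Group = 3.3.3.1, IP = 3.3.3.1, Session is being torn down. Reason: Lost Service
Oct 17 2023 01:30:12 asa5516 %ASA-4-113019: Group = 3.3.3.1, Username = 3.3.3.1, IP = 3.3.3.1, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:19m:14s, Bytes xmt: 7500, Bytes rcv: 7500, Reason: Lost Service
Oct 17 2023 01:31:40 asa5516 %ASA-4-113019: Group = 198.51.100.7, Username = 198.51.100.7, IP = 198.51.100.7, Session disconnected. Session Type: LAN-to-LAN, Duration: 2h:03m:09s, Bytes xmt: 90210, Bytes rcv: 88112, Reason: User Requested
"""


def parse_line(line):
    """Return {"id", "peer", "reason"} for a teardown message, else None.

    "reason" is the explicit "Reason:" field when present, otherwise None
    so the caller can fall back to the per-ID description.
    """
    m = MSG_RE.search(line)
    if not m or m.group("id") not in TEARDOWN_IDS:
        return None
    body = m.group("body")
    ip = IP_RE.search(body)
    reason = REASON_RE.search(body)
    return {
        "id": m.group("id"),
        "peer": ip.group("ip") if ip else None,
        "reason": reason.group("reason").strip() if reason else None,
    }


def tunnel_down_events(log_text):
    """Collapse consecutive teardown messages for the same peer into one
    event, keeping every message ID seen and the most specific reason."""
    events = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        if events and events[-1]["peer"] == parsed["peer"]:
            events[-1]["ids"].append(parsed["id"])
            if parsed["reason"]:
                events[-1]["reason"] = parsed["reason"]
        else:
            events.append({
                "peer": parsed["peer"],
                "ids": [parsed["id"]],
                "reason": parsed["reason"] or TEARDOWN_IDS[parsed["id"]],
            })
    return events


if __name__ == "__main__":
    for ev in tunnel_down_events(SAMPLE_LOG):
        print(f"ALERT tunnel to {ev['peer']} down: {ev['reason']} (ids {','.join(ev['ids'])})")
```

Note the severity digit in each ID: 713123 is level 3 (error), 113019 level 4 (warning) and 713259 level 5 (notification). The logging level the ASA sends to the NMS must include level 5, or the 713259 "Reason:" line never leaves the firewall and the rule only ever sees the less specific messages.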
10-19-2023 03:03 AM
Thanks for your help. I am trying this solution only.
10-19-2023 04:40 AM
Let us know how it goes; if all is OK, mark it as resolved here.
10-17-2023 07:30 AM
Yes, based on the activity it creates a syslog message, so you can generate alerts the same way, right?
03-25-2024 08:20 AM
Hello,
Check out VPNTTG (VPN Tunnel Traffic Grapher). It is software for SNMP monitoring and measuring the traffic load of IPsec (Site-to-Site, Remote Access) and SSL (with client, clientless) VPN tunnels on a Cisco ASA. It allows the user to see the traffic load on a VPN tunnel over time in graphical form.
The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and stores the historical monitoring data for each VPN tunnel in a database.
For more information about VPNTTG please visit www.vpnttg.com