06-06-2018 04:03 PM - edited 03-12-2019 05:21 AM
I am trying to monitor the VPN connection on my ASA 5520. The goal here is to create an alert with NAGIOS that, if a specific VPN goes down, send me an email.
I, however, can't make it work. I am using the following:
snmpwalk -v 2c public -H 192.168.1.1 -o 1.3.6.1.4.1.9.9.171.1.2.1.1
What I get in return is:
Configuration directives understood: In snmpwalk.conf and snmpwalk.local.conf: includeRequested (1|yes|true|0|no|false) excludeRequested (1|yes|true|0|no|false) printStatistics (1|yes|true|0|no|false) dontCheckOrdering (1|yes|true|0|no|false) timeResults (1|yes|true|0|no|false) timeResultsSingle (1|yes|true|0|no|false) In snmp.conf and snmp.local.conf: extraX509SubDir string x509CRLFile string tlsAlgorithms string localCert string peerCert string alias NAME TRANSPORT_DEFINITION doDebugging (1|0) debugTokens token[,token...] logTimestamp (1|yes|true|0|no|false) logOption string mibdirs [mib-dirs|+mib-dirs|-mib-dirs] mibs [mib-tokens|+mib-tokens] mibfile mibfile-to-read showMibErrors (1|yes|true|0|no|false) commentToEOL (1|yes|true|0|no|false) strictCommentTerm (1|yes|true|0|no|false) mibAllowUnderline (1|yes|true|0|no|false) mibWarningLevel integerValue mibReplaceWithLatest (1|yes|true|0|no|false) printNumericEnums (1|yes|true|0|no|false) printNumericOids (1|yes|true|0|no|false) escapeQuotes (1|yes|true|0|no|false) dontBreakdownOids (1|yes|true|0|no|false) quickPrinting (1|yes|true|0|no|false) numericTimeticks (1|yes|true|0|no|false) oidOutputFormat integerValue suffixPrinting integerValue extendedIndex (1|yes|true|0|no|false) printHexText (1|yes|true|0|no|false) printValueOnly (1|yes|true|0|no|false) dontPrintUnits (1|yes|true|0|no|false) hexOutputLength integerValue dumpPacket (1|yes|true|0|no|false) reverseEncodeBER (1|yes|true|0|no|false) defaultPort integerValue defCommunity string noTokenWarnings (1|yes|true|0|no|false) noRangeCheck (1|yes|true|0|no|false) persistentDir string tempFilePattern string noDisplayHint (1|yes|true|0|no|false) 16bitIDs (1|yes|true|0|no|false) clientaddr string clientaddrUsesPort (1|yes|true|0|no|false) serverSendBuf integerValue serverRecvBuf integerValue clientSendBuf integerValue clientRecvBuf integerValue noPersistentLoad (1|yes|true|0|no|false) noPersistentSave (1|yes|true|0|no|false) noContextEngineIDDiscovery (1|yes|true|0|no|false) timeout integerValue retries integerValue defDomain application domain defTarget application domain target dontLoadHostConfig (1|yes|true|0|no|false) defSecurityModel string tsmUseTransportPrefix (1|yes|true|0|no|false) defAuthType MD5|SHA defPrivType DES|AES defSecurityName string defContext string defPassphrase string defAuthPassphrase string defPrivPassphrase string defAuthMasterKey string defPrivMasterKey string defAuthLocalizedKey string defPrivLocalizedKey string defVersion 1|2c|3 defSecurityLevel noAuthNoPriv|authNoPriv|authPriv trustCert trustCert FINGERPRINT|FILENAME In snmpapp.conf and snmpapp.local.conf: defDomain application domain defTarget application domain target engineID string engineIDType num engineIDNic string
How can I get the SNMP working in a way that it returns me if a specific VPN (based on the peer IP Address maybe?) is UP or NOT?
Thanks in advance!
UPDATE:
I managed to get the number of IPSEC connections...
snmpwalk -v 2c public -H 192.168.1.1 -o 1.3.6.1.4.1.9.9.392.1.3.26.0
... However, what I need is to see if a specific Site-To-Site IKEv2 VPN is up or down.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide