Re: Monitoring ASA L2L vpn tunnel uptime/throughput via snmp

jgibb · ‎04-04-2011

I need to be able to monitor static VPN L2L tunnels on an ASA running 8.2 and above. I know you can snmp query for the tunnel count but how can you see individual tunnel status as they change thier SA ID etc... frequently? Any help would be appreciated.

Marcin Latosiewicz · ‎04-04-2011

Hi there.

Well ... I'm afarid I don't have quick answer for you.

What I suggest is to dig into

show snmp-server oidlist

(it will not autocomplete)

What I would like to point out:

[361] 1.3.6.1.4.1.9.9.171.1.2.3.1.19. cikeTunInOctets

[498] 1.3.6.1.4.1.9.9.171.1.4.2.1.1.23. cikeTunHistInOctets

[495] 1.3.6.1.4.1.9.9.171.1.4.2.1.1.20. cikeTunHistActiveTime

Not sure it this is what you're looking for.

Marcin

jgibb · ‎04-04-2011

Thanks. That's a great place to start. I will do some testing on those OID values and see what I can get out of it.

-Jake

Marcin Latosiewicz · ‎04-04-2011

Jake,

Good luck :-)

I just realized I made a mistake.

There are two families

cikeTun..., cikeTunHist

I believe you will be insterested in cikeTun not cikeTunHist ;-)

Marcin

ROBERTO TACCON · ‎04-04-2011

Check

http://www.vpnttg.com/

Advantage of VPNTTG over other SNMP based monitoring software’s is following: Other (commonly used) software’s are working with static OID numbers, i.e. whenever tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data, gathered on the connection, is lost each time. However, VPNTTG works with VPN peer’s IP address and it stores for each VPN tunnel historical monitoring data into the SQL server and into the RRD (Round Robin Database) file.

HTH

Roberto Taccon