IPSec Monitoring for ASA_Series over SNMP

Hi, we would like to monitor different Lan2Lan connections. We want to see the traffic on a per-peer basis and we want to see if the tunnel is up and running. Does anybody know an easy way to do so?

Thanks

Reply to
mail

Have you tried a mib-walk?

If the device is SNMP enabled, do a mib-walk to find the ifIndex of the interface (tunnel) you want to monitor. Once you know it, perform an snmpget on the ifOperStatus (1.3.6.1.2.1.2.2.1.8.X). Here's a table of the result codes:

    1 = up
    2 = down
    3 = testing
    4 = unknown
    5 = dormant

Here's a sample of how to do this BY HAND:

FIND the ifIndex (First Step)

    Unix> snmpwalk -v 1 -c public 10.1.2.3 interfaces.ifTable.ifEntry.ifDescr
    interfaces.ifTable.ifEntry.ifDescr.1 = STRING: "GigabitEthernet0/0"
    interfaces.ifTable.ifEntry.ifDescr.2 = STRING: "Tunnel"
    interfaces.ifTable.ifEntry.ifDescr.3 = STRING: "Null0"
    interfaces.ifTable.ifEntry.ifDescr.4 = STRING: "Loopback0"

Notice the ".2" after "ifDescr" on the Tunnel interface. THAT is your ifIndex.

Poll that interface for its status.

    Unix> snmpget -v 1 -c public 10.1.2.3 ifOperStatus.2
    interfaces.ifTable.ifEntry.ifOperStatus.2 : INTEGER: up

You should also be able to graph the amount of data being transmitted/received by periodically polling ifInOctets.2 and ifOutOctets.2.

There are several good programs out there to help you get this information. Some are free, like MRTG.

J.Cottingim

Reply to
jcottingim
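The manual steps in the post above, scripted as an added example that is not part of the original post: it finds the ifIndex in snmpwalk output, names the ifOperStatus code using the post's table, and turns two ifInOctets/ifOutOctets samples into a bit rate. The function names and counter values are assumptions made for illustration; the walk output is the post's own sample, embedded so the script runs offline.

```shell
#!/bin/sh
# Constructed input: the snmpwalk output quoted in the post above.
SAMPLE_WALK='interfaces.ifTable.ifEntry.ifDescr.1 = STRING: "GigabitEthernet0/0"
interfaces.ifTable.ifEntry.ifDescr.2 = STRING: "Tunnel"
interfaces.ifTable.ifEntry.ifDescr.3 = STRING: "Null0"
interfaces.ifTable.ifEntry.ifDescr.4 = STRING: "Loopback0"'

# find_ifindex WALK_OUTPUT DESCR
# Prints the ifIndex (last OID component) of the row whose ifDescr is DESCR.
# Returns non-zero when no row matches.
find_ifindex() {
    printf '%s\n' "$1" | awk -v want="$2" '
        {
            n = split($1, oid, ".")
            descr = $0
            sub(/^[^"]*"/, "", descr)   # drop everything up to the opening quote
            sub(/"[^"]*$/, "", descr)   # drop the closing quote and anything after
            if (descr == want) { print oid[n]; found = 1; exit }
        }
        END { exit !found }'
}

# oper_status_name CODE: map an ifOperStatus integer to the post's result table.
oper_status_name() {
    case "$1" in
        1) echo up ;;      2) echo down ;;    3) echo testing ;;
        4) echo unknown ;; 5) echo dormant ;;
        *) echo "unrecognized($1)" ;;
    esac
}

# octet_rate_bps PREV CUR SECONDS
# Bits per second between two samples of ifInOctets or ifOutOctets.
# These are 32-bit counters, so a smaller CUR is treated as one wrap at 2^32.
# (A device reboot also resets the counters and would be misread as a wrap.)
octet_rate_bps() {
    prev=$1 cur=$2 secs=$3
    [ "$secs" -gt 0 ] || return 1
    delta=$((cur - prev))
    [ "$delta" -ge 0 ] || delta=$((delta + 4294967296))
    echo $((delta * 8 / secs))
}

idx=$(find_ifindex "$SAMPLE_WALK" "Tunnel")
echo "Tunnel is ifIndex $idx: poll ifOperStatus.$idx, ifInOctets.$idx, ifOutOctets.$idx"
echo "status code 1 means: $(oper_status_name 1)"
echo "constructed 5-minute samples: $(octet_rate_bps 1000000 4000000 300) bit/s"
```

On a live device, feed `find_ifindex` the output of the snmpwalk command from the post and take the counter samples with snmpget at a fixed interval.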

Have a look at

formatting link
This is exactly what you need

Erik

Reply to
Erik Tamminga
