[c-nsp] How to monitor ipsec tunnel

Andy Saykao andy.saykao at staff.netspace.net.au
Fri Jul 31 04:13:41 EDT 2009


Thanks Ben.

Unfortunately, that OID object doesn't exist on the Cisco 3640 with the IOS I'm using.

nagios# snmpwalk -v 2c -c public 203.17.101.x 1.3.6.1.4.1.9.9.171.1.3.1.1
SNMPv2-SMI::enterprises.9.9.171.1.3.1.1 = No Such Object available on this agent at this OID

nagios# snmpwalk -v 2c -c public 203.17.101.x 1.3.6.1.4.1.9.9 | grep 171
nagios#

The CISCO-IPSEC-MIB with OID 1.3.6.1.4.1.9.10.62 doesn't exist either.

nagios# snmpwalk -v 2c -c public 203.17.101.x 1.3.6.1.4.1.9.10.62
SNMPv2-SMI::enterprises.9.10.62 = No Such Object available on this agent at this OID

Cheers.

Andy

-----Original Message-----
From: biwhite at gmail.com [mailto:biwhite at gmail.com] On Behalf Of Ben White
Sent: Friday, 31 July 2009 5:43 PM
To: Andy Saykao
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] How to monitor ipsec tunnel

You can get a count of the number of tunnels up under
1.3.6.1.4.1.9.9.171.1.3.1.1

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=cipSecGlobalActiveTunnels

Check min/max values on that?

2009/7/31 Andy Saykao <andy.saykao at staff.netspace.net.au>:
> Hi All,
>
> We've got an IPSEC tunnel configured with another provider for the 
> exchange of some sensitive data and I wanted to know if there was a 
> way to monitor the IPSEC tunnel to ensure it was up.
>
> We're using a Cisco 3640 running 12.2(46a).
>
> I've checked the mibs for this hardware platform and IOS from the 
> Cisco IOS MIB Locator but can't really find any mibs to help me 
> monitor the status of the tunnel.
>
> http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
>
> core#sh crypto isakmp sa
> dst             src             state           conn-id    slot 
> 203.17.98.x     203.41.142.x    QM_IDLE               1       0
>
> We are trying to monitor the IPSEC tunnel using nagios.
>
> Cheers.
>
> Andy
>



--
Ben
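
The check suggested in this thread, written as a Nagios-style plugin. This is an added example, not code from the original posts. It reads the tunnel count at the OID quoted above and maps the "No Such Object" reply shown earlier to UNKNOWN, so an agent that lacks the MIB is never reported as a healthy tunnel. The helper name `evaluate_tunnels`, the script name, the `.0` scalar instance suffix and the default minimum of 1 are assumptions.

```shell
#!/bin/sh
# Added example: Nagios-style check on cipSecGlobalActiveTunnels.
# OID is the one quoted in the thread; ".0" is the scalar instance suffix.
OID=1.3.6.1.4.1.9.9.171.1.3.1.1.0

# evaluate_tunnels <snmpget output> <minimum tunnels>   (hypothetical helper)
# Prints a Nagios status line; returns 0 OK, 2 CRITICAL, 3 UNKNOWN.
evaluate_tunnels() {
    output=$1
    min=$2
    case $output in
        "")
            echo "UNKNOWN - no SNMP response"
            return 3 ;;
        *"No Such Object"*|*"No Such Instance"*)
            # Agent lacks the MIB: report UNKNOWN, never OK.
            echo "UNKNOWN - agent does not implement $OID"
            return 3 ;;
    esac
    value=${output##*: }            # keep text after the last ": "
    case $value in
        ""|*[!0-9]*)
            echo "UNKNOWN - unparsable reply: $output"
            return 3 ;;
    esac
    if [ "$value" -lt "$min" ]; then
        echo "CRITICAL - $value active IPsec tunnels (minimum $min)|tunnels=$value"
        return 2
    fi
    echo "OK - $value active IPsec tunnels|tunnels=$value"
    return 0
}

# Live use (assumed invocation): check_ipsec.sh <host> <community> [minimum]
if [ "$#" -ge 2 ]; then
    reply=$(snmpget -v 2c -c "$2" "$1" "$OID" 2>/dev/null)
    evaluate_tunnels "$reply" "${3:-1}"
    exit $?
fi
```

On a platform whose agent answers "No Such Object", as the 3640 in this thread does, the plugin stays UNKNOWN and the tunnel state has to come from another source.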
