Found myself in a situation where I was at a client site building a new monitoring system and was asked what the “usual” is.

Of course you want to monitor your crucial devices, configure NetFlow, update Visios, etc., but one thing I wanted to try out was monitoring VPN tunnels.

Out of the box, the monitoring system I was using didn’t have any nice “click on this box to monitor this tunnel” option. And googling around, I saw many other vendors didn’t either. A lot of the “fixes” were to monitor systems at the other end of the tunnel via ICMP. I guess that works, but I wanted to know if the actual tunnel was up, not the servers at the other end.

Something that isn’t taught too often is the complexity of SNMP. YouTube has a few good videos on the topic, which I highly suggest everyone watch. If you’re decent at SNMP you’ll be OK.

https://www.youtube.com/watch?v=YZ5gBrA0B0U

https://www.youtube.com/watch?v=RD8hnhGCFcY

That 2nd video is pretty good too; it gets deep into SNMP.

Anyhow, a loose way to look at SNMP, OIDs and MIBs is that the MIB is the “book” and the OIDs are the “pages”. Most vendors ship their books complete with all the pages, but sometimes there are pages missing from the book. You use the page number (the OID) to tell the SNMP agent on the device which page to turn to in order to read the information on it. Without the right page number, the agent doesn’t know what “page” to turn to and can’t give you the information you’re after.

So the case I ran into was that the “page”/OID I had to monitor was not in the vendor’s MIB/book. I had to reach out to Cisco in order to get the page/OID I needed to look at.

1.3.6.1.4.1.9.9.171.1.2.3.1.35

A value of 1 means the tunnel is up.

That’s the OID I needed to search for. One can also do an snmpwalk of a device in order to see a BIG BIG list of all the OIDs that you can poll.

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.4.1.9.9.171.1.2.3.1.7&translate=Translate&submitValue=SUBMIT

Cisco has an SNMP Object Browser on their site which lists all (hopefully all) of the pages/OIDs they offer. You may have to reach out to TAC or google around to get the right OID.

Once you get the right OID, you can create the alert/poll you need! More importantly, going forward, when you create new VPN tunnels, how do you know which OID to poll?

Do an snmpwalk of the ASA and look for something like this:

.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12169216 = INTEGER: 1
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12197888 = INTEGER: 1

.1.3.6.1.4.1.9.9.171.1.2.3.1.7.12169216 = STRING: "191.234.32.14"
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.12197888 = STRING: "212.94.33.54"

The lines above mean we have two VPN tunnels up, with peer addresses 191.234.32.14 and 212.94.33.54. If you configured a hostname instead of an IP for the peer, you’ll see the hostname listed here. Remember to poll the .35 column; the .7 column just lets you identify which tunnel you’re looking at. Note that the number on the end (12169216, 12197888) is the row index for that tunnel and is the same in both columns, which is how you match a status line to its peer.

Unlike the usual idea of “up/down”, here the mere presence of the value means the VPN tunnel is up. If the tunnel is down, this line disappears from the table entirely, so when you create your poll, if it no longer sees this line you can send out an alert saying the VPN tunnel is down!
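To turn that “the line disappears” behaviour into an actual check, here is a small Python script added as an example (it is not code from the original post). It parses snmpwalk output for the two columns above, joins the .7 and .35 columns on the row index, and reports each peer you expect to see as UP or DOWN, so a tunnel whose rows have vanished shows up as DOWN instead of silently dropping out of the list. The walk text is constructed to mirror the two tunnels above; in practice you would feed it the output of snmpwalk -v2c -c <community> -On <asa-ip> .1.3.6.1.4.1.9.9.171.1.2.3.1 (net-snmp’s -On prints numeric OIDs). The object names in the comments (cikeTunRemoteValue, cikeTunStatus) are this example’s reading of CISCO-IPSEC-FLOW-MONITOR-MIB and should be checked against the MIB file.

```python
import re
from typing import Dict, List, NamedTuple

# OID columns from the post (CISCO-IPSEC-FLOW-MONITOR-MIB, enterprise 9.9.171).
# Assumed object names, verify against the MIB file:
#   .7  = cikeTunRemoteValue (remote peer as configured: IP or hostname)
#   .35 = cikeTunStatus      (1 = active, per the post)
PEER_OID = ".1.3.6.1.4.1.9.9.171.1.2.3.1.7"
STATUS_OID = ".1.3.6.1.4.1.9.9.171.1.2.3.1.35"
TUNNEL_ACTIVE = 1

# Constructed sample of snmpwalk output mirroring the post's two tunnels (not a real capture).
WALK_BOTH_UP = """\
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.12169216 = STRING: "191.234.32.14"
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.12197888 = STRING: "212.94.33.54"
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12169216 = INTEGER: 1
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12197888 = INTEGER: 1
"""

# Constructed sample after the second tunnel dropped: its rows simply vanish from the walk.
WALK_ONE_DOWN = """\
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.12169216 = STRING: "191.234.32.14"
.1.3.6.1.4.1.9.9.171.1.2.3.1.35.12169216 = INTEGER: 1
"""

# "<oid> = <TYPE>: <value>" as printed by net-snmp's snmpwalk with numeric OIDs (-On).
LINE_RE = re.compile(r"^(?P<oid>\.[\d.]+)\s*=\s*(?P<type>[A-Za-z0-9-]+):\s*(?P<value>.*)$")


class Tunnel(NamedTuple):
    index: str   # row index appended to the column OID (e.g. 12169216)
    peer: str    # remote peer as configured (IP or hostname)
    status: int  # raw status value; 1 = active


def parse_walk(text: str) -> Dict[str, Dict[str, str]]:
    """Split walk lines into the two columns we care about: {column_oid: {index: value}}."""
    columns: Dict[str, Dict[str, str]] = {PEER_OID: {}, STATUS_OID: {}}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line, MIB-translated name, or anything else we don't care about
        oid, value = m.group("oid"), m.group("value").strip()
        for column in columns:
            if oid.startswith(column + "."):
                index = oid[len(column) + 1:]
                columns[column][index] = value.strip('"')  # STRING values come quoted
    return columns


def list_tunnels(text: str) -> List[Tunnel]:
    """Join the peer and status columns on the row index."""
    cols = parse_walk(text)
    tunnels = []
    for index, peer in cols[PEER_OID].items():
        raw = cols[STATUS_OID].get(index, "")
        status = int(raw) if raw.isdigit() else 0  # missing or odd value: treat as not active
        tunnels.append(Tunnel(index, peer, status))
    return sorted(tunnels)


def check_peers(text: str, expected_peers: List[str]) -> Dict[str, str]:
    """Map each peer you expect to see to UP or DOWN. A peer whose row is gone is DOWN."""
    up = {t.peer for t in list_tunnels(text) if t.status == TUNNEL_ACTIVE}
    return {peer: ("UP" if peer in up else "DOWN") for peer in expected_peers}


if __name__ == "__main__":
    expected = ["191.234.32.14", "212.94.33.54"]
    for name, walk in (("both up", WALK_BOTH_UP), ("one down", WALK_ONE_DOWN)):
        print(name, check_peers(walk, expected))
```

Keying the check on the peer rather than on the numeric index is deliberate: the index (12169216 above) is just whatever the ASA assigned to that IKE tunnel, so a poll hard-coded to .35.12169216 gets noSuchInstance once the row is gone and may not match the tunnel after it is rebuilt. Keeping a list of the peers you expect, and alerting on any that are not present with status 1, gives you the “tunnel down” alert the post describes without depending on the index.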

Hope that helps someone out there trying to monitor tunnels via SNMP!

William Zambrano

NYC networkers is run by William Zambrano, a passionate network engineer who has been in the IT industry for eight years who posts up blog articles, YouTube videos, and holds meetup.com events in the NYC area. He lives in Queens, New York and has consulted in various different companies in the NY area. Previously William worked as a Cisco Certified Systems Instructor (CCSI) but now currently works for Arista Networks serving as a Systems Engineer. William can be reached by email at willzambrano@gmail.com