check_vpn_status for IKEv2
Posted: Thu Oct 05, 2017 10:49 pm
Hi all,
I am currently using existing plugin "check_vpn_status" for all our Cisco ASA's vpn tunnels using IKEv1 but the plugin does not help on tunnels with IKEv2.
I did manual snmpwalk on OID 1.3.6.1.4.1.9.9.171.1.2.3.1.7 and the outcome did not include IKEv2 tunnel peer addresses.
Checked further if I could find a different OID which returns with both IKEv1 and IKEv2 and came up with below.
1.3.6.1.4.1.9.9.392.1.3.21.1.2
Tested using manual snmpwalk and confirmed both IKE versions peer addresses present when tunnels are up.
As my perl skills are next to none, yet I tried tweaking existing check_vpn_status file by replacing old OID with the new one and it failed.
Can anyone assist please. Or any existing plugin please?
I am currently using existing plugin "check_vpn_status" for all our Cisco ASA's vpn tunnels using IKEv1 but the plugin does not help on tunnels with IKEv2.
I did manual snmpwalk on OID 1.3.6.1.4.1.9.9.171.1.2.3.1.7 and the outcome did not include IKEv2 tunnel peer addresses.
Checked further if I could find a different OID which returns with both IKEv1 and IKEv2 and came up with below.
1.3.6.1.4.1.9.9.392.1.3.21.1.2
Tested using manual snmpwalk and confirmed both IKE versions peer addresses present when tunnels are up.
As my perl skills are next to none, yet I tried tweaking existing check_vpn_status file by replacing old OID with the new one and it failed.
Can anyone assist please. Or any existing plugin please?