check_vpn_status for IKEv2

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Afzal
Posts: 2
Joined: Thu Oct 05, 2017 10:38 pm

check_vpn_status for IKEv2

Post by Afzal »

Hi all,

I am currently using existing plugin "check_vpn_status" for all our Cisco ASA's vpn tunnels using IKEv1 but the plugin does not help on tunnels with IKEv2.

I did manual snmpwalk on OID 1.3.6.1.4.1.9.9.171.1.2.3.1.7 and the outcome did not include IKEv2 tunnel peer addresses.

Checked further if I could find a different OID which returns with both IKEv1 and IKEv2 and came up with below.

1.3.6.1.4.1.9.9.392.1.3.21.1.2

Tested using manual snmpwalk and confirmed both IKE versions peer addresses present when tunnels are up.

As my perl skills are next to none, yet I tried tweaking existing check_vpn_status file by replacing old OID with the new one and it failed.

Can anyone assist please. Or any existing plugin please?
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: check_vpn_status for IKEv2

Post by tgriep »

Instead of rewriting the plugin, you can use the check_snmp plugin and specify the OID in the command and that may work for you.
I found this link that has an example of doing that.
http://www.slsmk.com/monitor-asa-vpn-sessions-via-snmp/
Just update the OID with the correct one and see how it works out for you.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Afzal
Posts: 2
Joined: Thu Oct 05, 2017 10:38 pm

Re: check_vpn_status for IKEv2

Post by Afzal »

Thanks for your suggestion tgriep. I used nano to edit the original "check_vpn_status" plugin file and replaced oid. It worked.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: check_vpn_status for IKEv2

Post by tgriep »

That is good news. As long as it is working for you, I'll mark the post as solved and lock it up. Feel free to open a new post in the future.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Locked