Nagios Support Forum

Hi Team,

We are using LAN IP for router monitoring, but we have ipsec tunneling security and cause of whenever client session will not enable, we can not reach to router with LAN IP, but we can reach with WAN IP. Cause of we are not getting proper availability percentage in report.

We have two WAN IP (link) for each router, but we can not monitor with. Because if I use one IP (link) and its goes down then it will show router as down, but it will work with second IP (link).

Please suggest can we monitor router with hostname or is there any other option.

So your setup looks something like this?

Link1______> |
Nagios server --> Router |Router 2
Link2------- > |

You can connect to router 2 via the wan interface on either link 1 or 2, but not through ipsec tunnels passed via either interface? Can you ping the remote routers LAN IP? Do you have proper routes setup to direct your traffic on the nagios box?

whenever client not create a session, we not get ping of router through LAN ip from Nagios box, but we get with WAN IP.

If we use a WAN IP instead of LAN IP and same WAN link goes down, we will get alert like as router is down, but router will continue work with second WAN Link.

so we can not use any (single) WAN IP.
please suggest, how we can use both IP at same time for check device reach ability or can we monitor with hostname or is there any other option.

You should be able to use a hostname for router checks without issue. Have you tried running the switch and router wizard with a hostname instead of an IP? Alternatively, it really seems that this is caused by an issue with your ipsec connection, and that you should have a check monitoring that that the router LAN checks are a child of. Enabling snmp via WAN interfaces is considered a bad security posture, but in the end is entirely up to you. You may also want to look at using a secondary nagios instance to run snmp checks locally and forward to your main instance.

I have checked with hostname, it is working but same as with IP. So it would not useful for us, cause for using hostname we need to entry in /etc/hosts on nagios box with single IP. Here we can not use multiple IP for single host, so it use only single IP and it is same like as we are present using. Please suggest is there any other option?

This sounds like a route problem:

Here we can not use multiple IP for single host, so it use only single IP and it is same like as we are present using. Please suggest is there any other option?

Could you expand on this a little more? Are you trying to add multiple IP's to a single host and service check against a router? You will likely need to define a second host for an additional IP. Without a little more detail it is hard to give the correct advise on this question. Thanks!

we need some options for monitor ipsec tunneling router.

Our setup like....
Router is up but whenever from branch side no one work on system or access intranet till time Nagios get request time for same router.
Means if that router is not use for some minutes then tunnel goes auto off and we get down alert in Nagios.

So is there any monitoring option so we will get availability of router with LAN IP in both situation (tunnel off and on).

wiproltdwiv wrote:So is there any monitoring option so we will get availability of router with LAN IP in both situation (tunnel off and on).

Not that I can see if the tunnel is going down.

The only thin I would suggest is have a machine on the inside try to keep the tunnel up by sending a ping outbound periodically.

You could monitor the interface through SNMP to see if it is up or down.