2 years ago
VPN Tunnel Monitoring
We have several Cisco IPSec Aggregate Tunnels that we are monitoring on our ASA. The problem is, many of them have a 30 minute idle timeout. I don't really need (or want) an alert if a VPN tunnel...
27 minutes ago, Kirby Timm said:
Yes, you're correct. The tunnel is going "down" because of an idle timeout, which in my opinion, shouldn't warrant an alarm in LM. I could change the timeouts on the tunnels in the ASA but I don't really see a good reason to. IMHO if there is no traffic going through the tunnel then it should shut down until it's needed again. I just don't need an alarm telling me the tunnel shut down because of an idle timeout. I don't think there is any OID that gives LM that info though and I'm not sure how one could do it programmatically either.
Yep -- In my investigation long, long ago, I came to the same conclusion -- which is why we resorted to utilizing the logs for the device, as the 'Tunnel Down' reason is not available via any OIDs, as best I could tell.
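
A sketch of the log-based approach mentioned in the reply above, as an added example that is not code from either poster or from LogicMonitor. It assumes the ASA forwards syslog message 113019 (session disconnected), which carries a Reason field; the sample lines, the names `classify`, `alerts` and `QUIET_REASONS`, and the choice to treat only idle timeouts as benign are constructed for illustration.

```python
import re

# Matches the ASA "Session disconnected" message (113019) and pulls out the
# peer address, session type and disconnect reason.
DISCONNECT = re.compile(
    r"%ASA-\d-113019: Group = (?P<group>[^,]+), .*?"
    r"IP = (?P<peer>[^,]+), Session disconnected\. "
    r"Session Type: (?P<type>[^,]+), .*Reason: (?P<reason>.+?)\s*$"
)

# Assumption: an idle timeout is expected teardown and should not alert.
QUIET_REASONS = {"idle timeout"}

# Constructed sample lines (documentation addresses, made-up values).
SAMPLE_LOGS = [
    "Mar 04 10:00:01 asa1 %ASA-4-113019: Group = 203.0.113.10, "
    "Username = 203.0.113.10, IP = 203.0.113.10, Session disconnected. "
    "Session Type: IKEv1, Duration: 0h:30m:12s, Bytes xmt: 1024, "
    "Bytes rcv: 2048, Reason: Idle Timeout",
    "Mar 04 10:07:44 asa1 %ASA-4-113019: Group = 198.51.100.7, "
    "Username = 198.51.100.7, IP = 198.51.100.7, Session disconnected. "
    "Session Type: IKEv1, Duration: 2h:11m:03s, Bytes xmt: 884213, "
    "Bytes rcv: 1290044, Reason: Lost Service",
    "Mar 04 10:09:12 asa1 %ASA-5-111008: User 'admin' executed the "
    "'show vpn-sessiondb' command.",
]


def classify(line):
    """Return (peer, reason, should_alert) for a 113019 line, else None."""
    m = DISCONNECT.search(line)
    if not m:
        return None
    reason = m.group("reason").strip()
    return m.group("peer"), reason, reason.lower() not in QUIET_REASONS


def alerts(lines):
    """Return (peer, reason) for every disconnect that was not a quiet reason."""
    hits = (classify(line) for line in lines)
    return [(peer, reason) for peer, reason, alert in filter(None, hits) if alert]


if __name__ == "__main__":
    for peer, reason in alerts(SAMPLE_LOGS):
        print(f"ALERT tunnel to {peer} dropped: {reason}")
```

Unparsed lines return `None` rather than being treated as quiet, so a change in the message format shows up as missing matches instead of silently suppressed alerts.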