VPN site-to-site monitoring by name
I have posted on JIRA http://jira.observium.org/browse/OBS-2438
But just wonder if anyone has any solution for this issue, we have many site-to-site tunnel and in observium its just showing count but it would be good if it shows list of tunnel by name so easy to identify down tunnel and alert.
On Tue, Oct 03, 2017 at 11:43:31AM -0400, Satish Patel wrote:
I have posted on JIRA http://jira.observium.org/browse/OBS-2438
But just wonder if anyone has any solution for this issue, we have many site-to-site tunnel and in observium its just showing count but it would be good if it shows list of tunnel by name so easy to identify down tunnel and alert. _______________________________________________
If you use route based tunnels, this is easy due to them being just like any other port. If you use policy based VPN, its really not monitorable directly. Maybe with an IP SLA probe. I try to avoid policy based VPNs as much as possible, and especially for site to site tunnels. -Nick
we are using policy base VPN because our remote end is AWS where we don't have control.
On Tue, Oct 3, 2017 at 3:56 PM, Nick Schmalenberger nick@schmalenberger.us wrote:
On Tue, Oct 03, 2017 at 11:43:31AM -0400, Satish Patel wrote:
I have posted on JIRA http://jira.observium.org/browse/OBS-2438
But just wonder if anyone has any solution for this issue, we have many site-to-site tunnel and in observium its just showing count but it would be good if it shows list of tunnel by name so easy to identify down tunnel and alert. _______________________________________________
If you use route based tunnels, this is easy due to them being just like any other port. If you use policy based VPN, its really not monitorable directly. Maybe with an IP SLA probe. I try to avoid policy based VPNs as much as possible, and especially for site to site tunnels. -Nick _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
On Tue, Oct 03, 2017 at 10:11:44PM -0400, Satish Patel wrote:
we are using policy base VPN because our remote end is AWS where we don't have control.
I don't know about the possibilities for route based VPNs on Cisco ASA in general, but route based VPNs work awesome for me with AWS on Juniper SRX. Additionally, running BGP routing with Amazon over the VPN also makes monitoring easier due to Observium's ability to monitor BGP sessions.
No matter what brand of network device, I would not use a policy based VPN for anything I want to monitor. You might be able to monitor it indirectly using IP SLA though. ASAs suck, but apparently route based VPN is a very new feature for them https://supportforums.cisco.com/t5/vpn/route-based-vpn-vti-for-asa-finally-h... -Nick
participants (2)
-
Nick Schmalenberger -
Satish Patel