monitoring vpn tunnels

The solution find this one is becoz of in my previous organisation We have N number of tunnels as checkpoint is being used enterprise wide. as of now there is no monitoring mechanism for vpn tunnel been established. whenever tunnel goes down, we come to know only if project team complains. So i though Is there any mechanism to monitor vpn tunnels.

Here is few ways

1)
You could use:

Code:
cpstat vpn -f ipsec
to check the number of inbound and outbound SAs.

2)
If you are using Check Point gateways on both sides of the VPN, the best way to do this is to set Permanent Tunnels in the VPN Community. On the "Tunnel Management" screen of the VPN community you can set up automatic Emails/SNMP Traps for when the tunnel falls down and can't get back up. Once again permanent tunnels only works between Check Point gateways.

If the remote firewalls are not Check Point, the best you can do under "Global Properties...Log and Alert" is to set "VPN Configuration & Key Exchange Errors" & "VPN Packet Handling Errors" to an Email/SNMP Trap to notify you if a tunnel fails. These log events should not trip unless there is a problem, just be sure to temporarily disable these when setting up & testing a new VPN or you will get bombed with alerts. :-)

Comments

1 Response to "monitoring vpn tunnels"

Vaibhav Manchekar said... October 30, 2014 at 5:12 AM

Thank you Very Much :)

Post a Comment