SRX

Expand all | Collapse all

VPN tunnels monitoring

  • 1.  VPN tunnels monitoring

    Posted 09-15-2016 01:15

    Dears,

     

    We have an SRX5800 that is running junos 12.1X46-D35.1. 

    we have implemented VPN tunnels and we want to monitor it (number of active tunnels, number of down tunnels, ) using MIBs.

    I want to know if there is an OID that monitors the number of ipsec tunnels and the subinterfaces of st0.

     

    Best regards.


    #mibs
    #OIDs
    #vpn
    #IPSec
    #JUNOS


  • 2.  RE: VPN tunnels monitoring

     
    Posted 09-15-2016 03:05

    Check out the Junos MIB Exporer search.

     

    https://contentapps.juniper.net/mib-explorer/search.jsp

     

    I think the OID for active tunnels you want is:  

    Name jnxVpnActiveVpns
    OID 1.3.6.1.4.1.2636.3.26.1.1.2.0
    SyntaxGauge 32
    Access read-only
    Status current
    Description
    Number of active VPNs.

    I don't see a count for down tunnels but there is a trap for the tunnel going down

    Name jnxVpnIfDown
    OID 1.3.6.1.4.1.2636.3.26.0.2
    Syntax TRAP
    Status current
    Description
    A jnxVpnIfDown notification is generated when the interface with index jnxVpnIfIndex belonging to the VPN named jnxVpnIfVpnName of type jnxVpnIfVpnType transitions to the 'down' state.

    I don't see what you are looking for on the interface for VPN.  But you might be able to use the jnxVpnIfEntry tree to monitor what you are looking for.

     

    jnxVpnIfTable

    •  
      jnxVpnIfEntry
      •  
        jnxVpnIfVpnType
      •  
        jnxVpnIfVpnName
      •  
        jnxVpnIfIndex
      •  
        jnxVpnIfRowStatus
      •  
        jnxVpnIfStorageType
      •  
        jnxVpnIfAssociatedPw
      •  
        jnxVpnIfProtocol
      •  
        jnxVpnIfInBandwidth
      •  
        jnxVpnIfOutBandwidth
      •  
        jnxVpnIfStatus

     

     

     

     

     

     



  • 3.  RE: VPN tunnels monitoring

    Posted 09-19-2016 01:28
    Dears,

    I have tried all the mentioned OIDs but nothing was working for our case.
    all the "show snmp mib walk < OIDs>" output are empty .


    It may be software version dependent or is there any special treatment that enables the VPN monitoring using MIBs.


    Best regards.
    Bassem


  • 4.  RE: VPN tunnels monitoring

    Posted 09-19-2016 01:28
    Dears,

    I have tried all the mentioned OIDs but nothing was working for our case.
    all the "show snmp mib walk < OIDs>" output are empty .


    It may be software version dependent or is there any special treatment that enables the VPN monitoring using MIBs.


    Best regards.
    Bassem


  • 5.  RE: VPN tunnels monitoring

    Posted 09-25-2016 05:06

    Dears,

     

    We still need the mentionned OIDs.

    Please is there anyone who faced this issue ans succeeded to find out the solution.

     

    I am looking forward to reading your notes, please.

     

    Best regards.

    Bassem



  • 6.  RE: VPN tunnels monitoring

     
    Posted 09-25-2016 12:54

    I've setup some active VPN tunnels and run the snmp mib tests on the Junos command line.  I get the same results you mention, no results, and I can see the active SA on the box at the time.  So these don't work even on an SRX running 12.3



  • 7.  RE: VPN tunnels monitoring

    Posted 04-07-2017 00:23

    Hi Gents, 

     

    The MIB OID you are looking into is for MPLS VPNs not IPSEC. 

     

    Regards



  • 8.  RE: VPN tunnels monitoring

     
    Posted 04-09-2017 05:20

    Thanks Abdellah,

     

    Looks like this is the correct tree section on the MIB and there are a number of phase 1 and phase 2 specific options to consider for monitoring down from here.

     

    jnxIpSecMonitorMIB

     

    https://apps.juniper.net/mib-explorer/search.jsp#object=jnxIpSecMonitorMIB&product=Junos%20OS&release=12.1x46-D60