SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  VPN tunnels monitoring

    Posted 09-15-2016 01:15

    Dears,

     

    We have an SRX5800 that is running junos 12.1X46-D35.1. 

    we have implemented VPN tunnels and we want to monitor it (number of active tunnels, number of down tunnels, ) using MIBs.

    I want to know if there is an OID that monitors the number of ipsec tunnels and the subinterfaces of st0.

     

    Best regards.


    #mibs
    #OIDs
    #vpn
    #IPSec
    #JUNOS


  • 2.  RE: VPN tunnels monitoring

     
    Posted 09-15-2016 03:05

    Check out the Junos MIB Exporer search.

     

    https://contentapps.juniper.net/mib-explorer/search.jsp

     

    I think the OID for active tunnels you want is:  

    Name jnxVpnActiveVpns
    OID 1.3.6.1.4.1.2636.3.26.1.1.2.0
    SyntaxGauge 32
    Access read-only
    Status current
    Description
    Number of active VPNs.

    I don't see a count for down tunnels but there is a trap for the tunnel going down

    Name jnxVpnIfDown
    OID 1.3.6.1.4.1.2636.3.26.0.2
    Syntax TRAP
    Status current
    Description
    A jnxVpnIfDown notification is generated when the interface with index jnxVpnIfIndex belonging to the VPN named jnxVpnIfVpnName of type jnxVpnIfVpnType transitions to the 'down' state.

    I don't see what you are looking for on the interface for VPN.  But you might be able to use the jnxVpnIfEntry tree to monitor what you are looking for.

     

    jnxVpnIfTable

    •  
      jnxVpnIfEntry
      •  
        jnxVpnIfVpnType
      •  
        jnxVpnIfVpnName
      •  
        jnxVpnIfIndex
      •  
        jnxVpnIfRowStatus
      •  
        jnxVpnIfStorageType
      •  
        jnxVpnIfAssociatedPw
      •  
        jnxVpnIfProtocol
      •  
        jnxVpnIfInBandwidth
      •  
        jnxVpnIfOutBandwidth
      •  
        jnxVpnIfStatus

     

     

     

     

     

     



  • 3.  RE: VPN tunnels monitoring

    Posted 09-19-2016 01:28
    Dears,

    I have tried all the mentioned OIDs but nothing was working for our case.
    all the "show snmp mib walk < OIDs>" output are empty .


    It may be software version dependent or is there any special treatment that enables the VPN monitoring using MIBs.


    Best regards.
    Bassem


  • 4.  RE: VPN tunnels monitoring

    Posted 09-19-2016 01:28
    Dears,

    I have tried all the mentioned OIDs but nothing was working for our case.
    all the "show snmp mib walk < OIDs>" output are empty .


    It may be software version dependent or is there any special treatment that enables the VPN monitoring using MIBs.


    Best regards.
    Bassem


  • 5.  RE: VPN tunnels monitoring

    Posted 09-25-2016 05:06

    Dears,

     

    We still need the mentionned OIDs.

    Please is there anyone who faced this issue ans succeeded to find out the solution.

     

    I am looking forward to reading your notes, please.

     

    Best regards.

    Bassem



  • 6.  RE: VPN tunnels monitoring

     
    Posted 09-25-2016 12:54

    I've setup some active VPN tunnels and run the snmp mib tests on the Junos command line.  I get the same results you mention, no results, and I can see the active SA on the box at the time.  So these don't work even on an SRX running 12.3



  • 7.  RE: VPN tunnels monitoring

    Posted 04-07-2017 00:23

    Hi Gents, 

     

    The MIB OID you are looking into is for MPLS VPNs not IPSEC. 

     

    Regards



  • 8.  RE: VPN tunnels monitoring

     
    Posted 04-09-2017 05:20

    Thanks Abdellah,

     

    Looks like this is the correct tree section on the MIB and there are a number of phase 1 and phase 2 specific options to consider for monitoring down from here.

     

    jnxIpSecMonitorMIB

     

    https://apps.juniper.net/mib-explorer/search.jsp#object=jnxIpSecMonitorMIB&product=Junos%20OS&release=12.1x46-D60