Ad Widget

Collapse

Monitoring Cisco ASA VPN Traffic/State

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • lpossamai
    Senior Member
    • Jun 2018
    • 119
    #1

    Monitoring Cisco ASA VPN Traffic/State

    Hi all,

    I've got a Zabbix 3.4 server running and a Cisco ASA 5520. I am trying to monitor the traffic over a site-to-site VPN connection. I came across this POST (https://www.zabbix.com/forum/zabbix-...ec-vpn-tunnels), but as it is quite old, I decided to ask the question again...

    Do you guys know how I can monitor a VPN Traffic through Zabbix using SNMP v2?

    Cheers
    Monitoring Cisco PIX/ASA IPsec VPN tunnels - ZABBIX Forums
    https://www.zabbix.com
    Monitoring Cisco PIX/ASA IPsec VPN tunnels
    Tags: None
    • lpossamai
      Senior Member
      • Jun 2018
      • 119
      #2
      So.... after spending some time I managed to get this working with the query_asa_lan2lan.pl script.

      My Setup 2018:

      Zabbix 3.4
      CentOS 7 64 Bits


      1. download it from this thread.
      2. Copy the script to the "externalscripts" folder in your Zabbix Server. Usually "/usr/lib/zabbix/externalscripts/"
      3. Install any Perl dependencies you may need

      Code:
      use POSIX;
use Switch;
use Net::SNMP;
      4. Test your script

      Code:
      perl /usr/lib/zabbix/externalscripts/query_lan2_lan_cisco_final.pl community ASA_IP_ADDRESS ASA get RX PEER_IP_ADDRESS
      Example:

      My ASA FW IP: 192.168.1.1
      VPN Peer IP Address: 203.120.120.12

      Code:
      perl /usr/lib/zabbix/externalscripts/query_lan2_lan_cisco_final.pl public 192.168.1.1 ASA get RX 203.120.120.12
      5. Create a new Template via the Web Interface
      6. Inside that new template, create a new Item as follow:

      The key value is:

      Code:
      query_lan2_lan_cisco_final.pl["community","cisco-asa-ip","ASA","get","RX","peer-ip-address"]
query_lan2_lan_cisco_final.pl["public","192.168.1.1","ASA","get","RX","203.120.120.12"]

      Click image for larger version Name: Screenshot from 2018-06-13 15-07-00.png Views: 6449 Size: 148.8 KB ID: 360186
      Attached Files

        Comment

        • kernbug
          Senior Member
          • Feb 2013
          • 330
          #3
          Originally posted by lpossamai
          So.... after spending some time I managed to get this working with the query_asa_lan2lan.pl script.
          Cool guide, thank you.

            Comment

            • lpossamai
              Senior Member
              • Jun 2018
              • 119
              #4
              UPDATE:

              To get a better-looking graph, you may wanna tweak Zabbix.

              When creating the Item, go to the Preprocessing tab and add:

              Units = bps
              Change per second
              Custom Multiplier | Value is 8.



              The graph before the change looked like:
              Click image for larger version Name: image_11361.png Views: 6262 Size: 80.1 KB ID: 360499

              After the change it is looking like:
              Click image for larger version Name: Screenshot from 2018-06-18 10-15-55.png Views: 6222 Size: 96.3 KB ID: 360500

                Comment

                • Paulo Santos
                  Junior Member
                  • Sep 2018
                  • 4
                  #5
                  Hi.

                  Is it possible run this script in zabbix_proxy enviroment?

                  Tks

                  PS

                    Comment

                    Previous template Next
                    Working...