Where does NCM pull VPN tunnel info from?

I have just noticed that on one (I haven't investigated the others yet) of our ASA nodes, NCM shows us as having 6 site-to-site VPN tunnels, 5 of which show a down status.

Our issue here is that there is only one configured site-to-site tunnel on this ASA. Where is NCM picking up the other 5 that don't exist?

7 Replies

I currently have SNMP and CLI polling set for the ASA FW, and it shows all the VPN tunnels, both active and inactive. What version of NPM do you have?

I think this question should be in the NPM section, and NCM does not provide this info. But could the other 5 tunnels just be old ones that have been deleted over time?

Do they show as down (red)? Or are they just unreachable (grey)?

These are/were showing as red.

If you have seen my recent posts, this is basically a fresh install of Orion. Manually added all of our firewalls to this install. There is no reason for any residual tunnels to be showing. In fact one of the firewalls we have only ever had 2 tunnels configured at all, and these that show down, were never on the firewall.


Did you ever get a resolution to this? I'm seeing over a dozen "failed" S2S VPN connections that never existed in the first place. All of these are just attempts by outside entities to establish a connection to us. Mostly ShadowServer (just doing what they do, I guess), but a few from random other entities.

No solution so far.

I think I might have found my answer.

These specific tunnels never existed on this ASA at all. However, it appears that something was attempting to MAKE an S2S VPN connection using several different IPs in series when I happened to notice this in Orion.

Looking this morning and I only see the 1 S2S VPN that SHOULD be there, and not the others that I saw last week.

I will keep an eye open to see if this is a common occurrence across all our firewalls.

EDIT: I checked our office firewall after I replied, and I see 23 VPN tunnels, all in DOWN state because of a PHASE 1 failure. We have never had more than 5 S2S VPN tunnels set up on this firewall. Further evidence that these tunnels are being added to the profile simply because they show up as attempts in the firewall log?!
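The triage the last two posts describe (polling reports tunnels the ASA never had, and the "down" ones are inbound IKE attempts that failed phase 1) can be done mechanically: pull the running-config, collect the peers that actually have both a crypto map entry and an ipsec-l2l tunnel-group, and compare them with the peer list the monitoring tool reports. The script below is an added example written for this thread; it is not SolarWinds code, and it assumes a hypothetical CSV export of the monitored tunnel list (columns `peer,status`) rather than NPM's or NCM's real export format. The ASA config fragment and the CSV contents are constructed sample data.

```python
"""Cross-check the site-to-site tunnels a monitoring tool reports against
the tunnels actually configured on a Cisco ASA.

Added example for the forum thread above; not SolarWinds code. Both inputs
are constructed: a fragment of ASA running-config text and a hypothetical
CSV export of the monitored tunnel list (peer,status). The CSV layout is
an assumption, not NPM's/NCM's real export format.
"""
import csv
import io
import ipaddress
import re

# Constructed ASA running-config fragment: exactly one real L2L peer.
ASA_RUNNING_CONFIG = """\
crypto map outside_map 10 match address outside_cryptomap
crypto map outside_map 10 set peer 203.0.113.10
crypto map outside_map 10 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key *****
"""

# Constructed monitoring export (hypothetical layout): the configured peer
# plus three peers that only ever appeared as failed inbound IKE attempts.
MONITORED_TUNNELS_CSV = """\
peer,status
203.0.113.10,up
198.51.100.23,down
198.51.100.77,down
192.0.2.9,down
"""

# "set peer" may list several peers on one line, hence the split below.
PEER_RE = re.compile(r"^crypto map \S+ \d+ set peer (.+)$", re.M)
TG_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$", re.M)


def configured_peers(config_text):
    """Return (fully configured peers, half-configured peers).

    A peer is fully configured only when it has both a crypto map entry and
    an ipsec-l2l tunnel-group. A peer with only one of the two is reported
    separately so a half-built tunnel is not mistaken for a phantom one.
    """
    map_peers = set()
    for peer_list in PEER_RE.findall(config_text):
        map_peers.update(peer_list.split())
    tg_peers = set(TG_RE.findall(config_text))
    return map_peers & tg_peers, map_peers ^ tg_peers


def classify(monitored_csv, config_text):
    """Map each monitored peer to (label, status).

    'configured'      -> the ASA defines this tunnel; its status is real.
    'half-configured' -> crypto map or tunnel-group is missing on the ASA.
    'unconfigured'    -> the ASA has no tunnel to this peer at all; a 'down'
                         entry here is an inbound IKE attempt that failed
                         phase 1, not an outage worth paging on.
    """
    known, half = configured_peers(config_text)
    result = {}
    for row in csv.DictReader(io.StringIO(monitored_csv)):
        peer = row["peer"].strip()
        ipaddress.ip_address(peer)  # fail loudly on a malformed export
        if peer in known:
            label = "configured"
        elif peer in half:
            label = "half-configured"
        else:
            label = "unconfigured"
        result[peer] = (label, row["status"].strip().lower())
    return result


def phantom_down_tunnels(classification):
    """Peers reported down that the ASA never had a tunnel to."""
    return sorted((p for p, (label, status) in classification.items()
                   if label == "unconfigured" and status == "down"),
                  key=ipaddress.ip_address)


def real_outages(classification):
    """Peers the ASA really has a tunnel to, currently reported down."""
    return sorted((p for p, (label, status) in classification.items()
                   if label == "configured" and status == "down"),
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    report = classify(MONITORED_TUNNELS_CSV, ASA_RUNNING_CONFIG)
    for peer, (label, status) in report.items():
        print(f"{peer:<16} {label:<16} {status}")
    print("phantom down tunnels:", phantom_down_tunnels(report))
    print("real outages:        ", real_outages(report))
```

In practice you would feed `configured_peers` the output of `show running-config` captured by NCM (or over SSH) and `classify` the tunnel list exported from the monitoring system; anything that lands in `phantom_down_tunnels` is a candidate for suppression in the alerting rules, while `real_outages` is the list that should still page someone.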

Not sure if these help?

Success Center