8 Replies Latest reply on Nov 6, 2015 6:56 AM by rharland2012

    Branch VPN Monitoring

    itmancal

      Hi All,

      Is there a way in NPM for me to be able to monitor if LAN-to-LAN VPNs are up between all my branch offices?

      To explain more, I monitor all the VPNs from my branch office, where the SolarWinds server is, to our CoLo'd server and all the other four branch offices from here, but what I also want to do is monitor the VPN connections from the CoLo to the other branch offices and the direct VPNs between the other branch offices themselves.

      The CoLo and three main branch offices use Cisco Routers and the other two smaller offices are on DrayTek Routers.

      I'd rather not pay for additional NPM servers at the other locations.

      You'll probably come back mentioning MIBs and OIDs and such, so please bear in mind I'm a total nooby at this, only managing to create a custom gauge showing how many GlobalActiveTunnels are on each Cisco router, but this doesn't show me any difference as to whether these are LAN-to-LAN or individual clients and whether it is a LAN-to-LAN dropping, which is what I'm trying to monitor.

        • Re: Branch VPN Monitoring
          cjfranca

          I do not quite understand what you want.
          But you will receive other devices to monitor and will not get an add poller.
          Checks what is more important to monitor the network and frees conditions to monitor other devices. Look if you can explain more accurate I can help you exactly what you

          • Re: Branch VPN Monitoring
            rharland2012

            You are able to poll the Cisco and Draytek routers via SNMP, right?

            Do you poll these devices via the VPN tunnels you reference?

            If so - and say one of the VPNs from the colo Cisco and one of the Drayteks went down - wouldn't your polling to the Draytek fail?

            I could be oversimplifying this, but that's a pretty fair measure of whether or not the VPN tunnel is up.

            • Re: Branch VPN Monitoring
              itmancal

              Hope this makes it a little clearer.

              Office 1 = CoLo
              Office 2 = South Office (My office & home of Orion NPM Server)
              Office 3 = SouthWest Office
              Office 4 = Mid Office
              Office 5 = NW Office
              Office 6 = NE Office

              I can see all the offices through my VPN connections to each, so from office 2 to office 1,3,4,5 & 6.
              What I'm trying to monitor is whether the VPNs are up between all the other branch offices that connect to all the other offices except mine.
              So if I'm a user in office 3, I have VPNs to all the other offices, 1,2,4,5 & 6.
              Monitoring from Orion NPM in office 2 can't see if the VPN links from office 3 to offices 1,4,5 & 6 are up, just the VPN from office 2 to 3.

              • Re: Branch VPN Monitoring
                itmancal

                That's the info I'm trying to find out: is there a way to poll the tunnels on the routers in the other offices to see if they're up?

                I can't see anything when doing a resource check except for ports etc.

                  • Re: Branch VPN Monitoring
                    rharland2012

                    Understood. Here's the part where I regrettably must mention MIBs and OIDs.

                    Seriously, though - you've got some options for your first step. You can do a full SNMPwalk of (for example) one of the Cisco routers in the other offices, say office 3. Somewhere in the long list of results, there are likely going to be OIDs referring directly to the tunnels to each of the other offices. It's hard to say what exactly those OIDs might be, but it's a good bet they're not too far off from the GlobalActiveTunnels subtree. Those OIDs will correspond to each of the tunnels, and will advise on up/down and other information about them. Once discovered, you can build a UnDP (universal device poller) to capture this customized information and display it in NPM. I'm assuming you've done this to get the global tunnels counter, but in case you haven't:

                    Running SNMPWalk

                     

                    How to create an UnDP for your devices using Solarwinds Orion.pdf

                     

                    This is the method I would use to identify, collect, and display the information you're trying to get.

                    Hope this helps.

                    1 of 1 people found this helpful
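Added example, not part of the original thread and not SolarWinds or Cisco code: once a walk of one branch router has turned up the per-tunnel rows, this Python script compares the peers listed there with the office peers that router should have, which separates LAN-to-LAN tunnels from client tunnels. The OID is assumed to be the cikeTunnelRemoteValue column of CISCO-IPSEC-FLOW-MONITOR-MIB (verify it against your own walk); the walk output and the office addresses are constructed.

```python
import re

# Assumption: cikeTunnelRemoteValue column (CISCO-IPSEC-FLOW-MONITOR-MIB),
# one row per active IKE tunnel. Confirm the OID against your own walk.
REMOTE_VALUE_OID = ".1.3.6.1.4.1.9.9.171.1.2.3.1.7"

# Constructed `snmpwalk -On` output from the office 3 router.
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.171.1.2.1.1.0 = Gauge32: 4
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.101 = STRING: "192.0.2.1"
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.102 = STRING: "192.0.2.2"
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.117 = STRING: "198.51.100.77"
.1.3.6.1.4.1.9.9.171.1.2.3.1.7.118 = STRING: "192.0.2.5"
"""

# Constructed WAN addresses of the peers office 3 should have tunnels to.
EXPECTED_PEERS = {
    "Office 1": "192.0.2.1",
    "Office 2": "192.0.2.2",
    "Office 4": "192.0.2.4",
    "Office 5": "192.0.2.5",
    "Office 6": "192.0.2.6",
}

ROW = re.compile(
    r"^" + re.escape(REMOTE_VALUE_OID) + r'\.(\d+) = STRING: "?([^"\s]+)"?\s*$'
)


def active_peers(walk_text):
    """Return {tunnel index: remote peer} for every row of the column."""
    peers = {}
    for line in walk_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            peers[int(m.group(1))] = m.group(2)
    return peers


def site_tunnel_report(walk_text, expected):
    """Split active tunnels into expected site peers (up/down) and others."""
    seen = set(active_peers(walk_text).values())
    sites = {office: addr in seen for office, addr in expected.items()}
    others = sorted(seen - set(expected.values()))
    return sites, others


if __name__ == "__main__":
    print(site_tunnel_report(SAMPLE_WALK, EXPECTED_PEERS))
```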
                  • Re: Branch VPN Monitoring
                    itmancal

                    rharland2012

                    Thanks for the update, I had a feeling this was going to be the answer.  I guess I managed it once so I suppose I can do it again.  Thanks for your links, they look useful. Better get searching for me MIBs and OIDs.