|
OID '1.3.6.1.4.1.12356.101.12.2.2.1.2' is used to get the IPsec VPN Phase1 name and OID '1.3.6.1.4.1.12356.101.12.2.2.1.20.x.y' is used to monitor IPsec VPN Phase2. x is phase1 serial and y is phase2 serial.
Both of them are used as indexes in the VPN tunnel list, the serial number can be identified by running the CLI command 'dia vpn tunnel list':
-----------------------------------------------------------------------------------------------
name=p1 ver=1 serial=1 10.10.99.1:0->10.10.99.2:0 dst_mtu=0 <-- x= phase1 serial.
bound_if=5 lgwy=static/1 tun=intf/0 mode=auto/1 encap=none/528 options[0210]=create_dev frag-rfc accept_traffic=1 overlay_id=0
proxyid_num=2 child_num=0 refcnt=11 ilast=9 olast=29 ad=/0
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=on-demand on=1 idle=20000ms retry=3 count=0 seqno=0
natt: mode=none draft=0 interval=0 remote_port=0
proxyid=p2 proto=0 sa=0 ref=1 serial=1 <-- y= phase2 serial.
src: 0:192.168.61.0/255.255.255.0:0
dst: 0:192.168.62.0/255.255.255.0:0
proxyid=t2 proto=0 sa=0 ref=1 serial=2 <-- y= phase2 serial.
src: 0:192.168.51.0/255.255.255.0:0
dst: 0:192.168.52.0/255.255.255.0:0
If this OID returns the INTEGER: 1 means the tunnel is down and INTEGER: 2, means the tunnel is up.
Monitoring the status of the IPsec tunnel is possible only for 'static' tunnels. For Dialup it is not possible to monitor the status.
|
