You're making this way too hard!
We use Cisco VPN so you'll have to translate this to your environment, but what
we do is this:
1. In our seed file, we put the address of the tunnel partner at the other end.
This is done with ICMP only, as SNMP across the internet even inside a tunnel
is a bit spotty. So we ping the router at that far end through the tunnel. If
the tunnel is down, the pings fail, i.e. the VPN connection is broken.
2. We automated the traps the VPN concentrator sends - in our case, the Cisco
VPN concentrator produces a message saying when a "user" logs on or off - in
our case, our remote VPN concentrators are "users" and we have a ruleset that
forwards the traps to a script that parses out the "users" we are concerned
about (only the hardware clients/concentrators are acted upon).
3. A third step we are taking is to catch these log on/off situations by the
hardware client and issue a different up/down trap so that we can do the 5
minute correlation to make sure they are really down.
Don't know if this helps, but it is an approach I have had success with.
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]On
Behalf Of Nicolas DE VAUX BIDON
Sent: Friday, December 12, 2003 3:30 AM
To: nv-l@lists.us.ibm.com
Subject: [nv-l] How to supervise correctly a VPN connection
Hi,
I'm trying to integrate a VPN connection on a network map.
I don't really know how to do this. For the moment, I manually define a gateway
object with two interfaces. These interfaces represent the endpoints of the VPN...
The VPN is composed of a Check Point NG FP3 on one side and a Contivity box on the
other side.
In fact the reality is deformed.... In this context, I also need to use
the RFI feature.
I think I'm not the only person who has tried to do this. I tried to find the
information in the documentation and archives of nv-l, but I found nothing.
I'm wondering if someone could help me ;)
Netview 7.1.3 FixPack1 (NT Version)
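
Steps 2 and 3 of the reply at the top of this thread, sketched as an added example that is not part of the original e-mails or of any NetView or Cisco tooling: logon/logoff events are filtered down to the hardware clients, and a "down" is only reported once a logoff has gone unanswered for 5 minutes. The event records, the client names and the `correlate` function are assumptions made for illustration; no real trap format is parsed.

```python
from dataclasses import dataclass

HOLD_DOWN = 300                              # seconds: the "5 minute correlation"
WATCHED = {"branch-hw-01", "branch-hw-02"}   # constructed hardware-client "users"

@dataclass(frozen=True)
class Event:
    ts: int        # seconds since the start of the sample
    user: str      # "user" name carried in the concentrator message
    action: str    # "logon" or "logoff"

SAMPLE = [  # constructed events, not captured traps
    Event(0, "branch-hw-01", "logoff"),
    Event(40, "alice", "logoff"),            # ordinary remote user, ignored
    Event(90, "branch-hw-01", "logon"),      # back within 5 minutes: a flap
    Event(100, "branch-hw-02", "logoff"),
    Event(700, "branch-hw-02", "logon"),     # was gone for 10 minutes
    Event(800, "branch-hw-01", "logoff"),
]

def correlate(events, now, watched=WATCHED, hold_down=HOLD_DOWN):
    """Return (alerts, pending): traps to forward, and logoffs still in hold-down."""
    off_since = {}    # user -> time of the unanswered logoff
    reported = set()  # users already reported as down
    alerts = []

    def expire(upto):
        for user, ts in sorted(off_since.items(), key=lambda kv: kv[1]):
            if user not in reported and upto - ts >= hold_down:
                alerts.append((ts + hold_down, user, "down"))
                reported.add(user)

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.user not in watched:
            continue
        expire(ev.ts)                 # report anything that timed out before this event
        if ev.action == "logoff":
            off_since.setdefault(ev.user, ev.ts)
        elif ev.action == "logon":
            off_since.pop(ev.user, None)
            if ev.user in reported:   # only send "up" if a "down" went out
                reported.discard(ev.user)
                alerts.append((ev.ts, ev.user, "up"))
    expire(now)
    pending = sorted(u for u in off_since if u not in reported)
    return alerts, pending
```

The flap at 0-90 seconds produces no alert at all, which is the point of the hold-down: only the 10-minute outage of the second client is reported.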