nv-l
[Top] [All Lists]

Re: [NV-L] VPN tunnel monitoring

To: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Subject: Re: [NV-L] VPN tunnel monitoring
From: Mario Behring <mariobehring@yahoo.com>
Date: Thu, 11 Jan 2007 11:07:31 -0800 (PST)
Delivery-date: Thu, 11 Jan 2007 23:11:26 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=OaZqs4Ct0XRGBYLn4RHk8dBQAZhj2UmKchRlJqj/tgt6vE/8P+assEX9iRSxQ2OhvAhe8CUjgLsozdCsGTe89eMMuYaT/+bnLF9Tdbyl7CJd1CbHyneVj7lfHY3V+kQR9+j7oh5u3EBOQoef3w8hFVsCtRjuTgmhUQDB7Oe0IEQ=;
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
List-help: <mailto:nv-l-request@lists.ca.ibm.com?subject=help>
List-id: Tivoli NetView Discussions <nv-l.lists.ca.ibm.com>
List-post: <mailto:nv-l@lists.ca.ibm.com>
List-subscribe: <http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=subscribe>
List-unsubscribe: <http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=unsubscribe>
Reply-to: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Sender: nv-l-bounces@lists.ca.ibm.com
Hi Stephen,

I guess it does............I'm going to test it.

My scenario is like this: several VPN tunnels pointing to different customers where we monitor servers, switches and routers using SNMP. The Cisco PIX where they are connected performs NAT operations and each client has its own subnet and IP addresses.......

Thanks in advance.

Mario






----- Original Message ----
From: Stephen Hochstetler <shochste@us.ibm.com>
To: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Sent: Wednesday, January 10, 2007 6:50:05 PM
Subject: Re: [NV-L] VPN tunnel monitoring

It has been a few years, but what I did for monitoring the 'internet' access at a customer may work for your VPN tunneling access.

My current use of VPN tunnels require an IP address on both ends that are within the same subnet. The question for you...are these fairly static tunnels with known endpoints? Can you ping that endpoint?

If so, then what I suggest is that you create a 'virtual' node called VPNTUNNEL1 and put that into your etc/hosts file. Plus put any IP addresses that are at the other end of your tunnels (and are pingable) under the same hostname.

You can then use loadhosts command to create this virtual node and add the other interfaces. It will be non-snmp, but it will give you the ability to see if the tunnels are active. If one goes down, you will get an interface down event for the host VPNTUNNEL1. If all the VPN tunnels go down you will see a HOST DOWN event for VPNTUNNEL1.

Does this do what you need?


Stephen Hochstetler shochste@us.ibm.com
International Technical Support Organization at IBM
Office - 512-838-6198 (t/l 678) FAX - 512-838-6931
http://www.redbooks.ibm.com

_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)



Any questions? Get answers on any topic at Yahoo! Answers. Try it now.
_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)
<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web