Submit a ticketCall us

WebinarUpcoming Webinar: Should I Move My Database to the Cloud?

So you’ve been running an on-premises SQL Server® for a while now. Maybe you’ve moved it from bare metal to a VM, and have seen some positive benefits. But, do you want to see more? If you said “YES!”, then this session is for you, as James Serra will review the many benefits that can be gained by moving your on-prem SQL Server to an Azure® VM (IaaS). He’ll also talk about the many hybrid approaches, so you can gradually move to the cloud. If you are interested in cost savings, additional features, ease of use, quick scaling, improved reliability, and ending the days of upgrading hardware, this is the session for you.

Register now.

Home > Success Center > Network Performance Monitor (NPM) > Monitor Cisco ASA VPN Tunnel

Monitor Cisco ASA VPN Tunnel

Table of contents


This article describes how to monitor Cisco ASA VPN tunnels by monitoring a secondary variable from the Cisco MIB tree and using this information to infer the status of the tunnel.


Monitoring of the UP/Down status of a Cisco ASA VPN tunnel is not as straight forward as monitoring a regular physical or VLAN interface. This is because VPN tunnels object falls outside the scope of  RFC 1213 MIB's ifTabletree.


Note: If you are receiving false alerts for your tunnel up/down status, this could be due to the choice of OID you have chosen to monitor and alert on. Follow the steps in this KB to resolve the issue.


  • All NPM versions


  1. Configure a Universal Device Poller for monitoring of a your required MIB. Refer to Monitoring MIBs with Universal Device Pollers.
  2. Configure the custom MIB to point to the cikeGlobalActiveTunnels oid :, this gives you the number of IPSec Tunnels or you can use the “ciscoIpSecFlowMonitorMIB" “ which is one that has been recommended by CISCO.
  • The OID used in Step 2 is one of many options that could be used to monitor depending on what specific information you require, but for the purposes of this example it is deemed most suitable for monitoring of active VPNs.
  • Further options include the use of IP SLA to Monitor each tunnel endpoint and the use of the inherit trap capabilities of IPSLA to monitor tunnel failures.


Last modified