Troubleshooting tips for issues with VPN tunnel monitoring data collection
VPN monitoring enables you to track the health, performance, and security of encrypted site-to-site tunnels on supported firewalls. With SNMP performance counters, you can detect tunnel outages, monitor traffic, and validate encryption and hashing configurations. Site24x7 automatically discovers and displays IPsec tunnels for Cisco, FortiGate, and WatchGuard firewalls and Layer 3 devices.
Supported vendors
| Vendor | Support notes |
| Cisco | SNMP-based IPsec metrics pulled from CISCO-IPSEC-FLOW-MONITOR-MIB and CISCO-IKE-MIB |
| FortiGate | IPsec tunnel metrics via FORTINET-FORTIGATE-MIB |
| WatchGuard | IPsec tunnel attributes via WATCHGUARD-IPSEC-MIB |
Metrics and OIDs
Below are the key SNMP performance counters used to monitor IPsec VPN tunnels.
Cisco IPsec tunnel metrics
| Metric name | OID | Description |
| Host Name | .1.3.6.1.4.1.9.9.171.1.3.2.1.5 | IP of the remote VPN endpoint |
| Encryption | .1.3.6.1.4.1.9.9.171.1.2.3.1.12 | Encryption algorithm used |
| Hashing | .1.3.6.1.4.1.9.9.171.1.2.3.1.13 | Hash or authentication method used |
| Active Time | .1.3.6.1.4.1.9.9.171.1.3.2.1.10 | Seconds since the tunnel became active |
| In Traffic (bps) | .1.3.6.1.4.1.9.9.171.1.3.2.1.26 | Total bytes received via the tunnel |
| Out Traffic (bps) | .1.3.6.1.4.1.9.9.171.1.3.2.1.39 | Total bytes sent via the tunnel |
| Status | .1.3.6.1.4.1.9.9.171.1.3.2.1.51 | Operational state of the tunnel |
FortiGate IPsec tunnel metrics
| Metric | OID | Description |
| Remote IP Selector | .1.3.6.1.4.1.12356.101.12.2.2.1.12 | Remote peer IP (selector) |
| In Traffic (bps) | .1.3.6.1.4.1.12356.101.12.2.2.1.18 | Bytes received via the tunnel |
| Out Traffic (bps) | .1.3.6.1.4.1.12356.101.12.2.2.1.19 | Bytes transmitted via the tunnel |
| Tunnel Last Uptime | .1.3.6.1.4.1.12356.101.12.2.2.1.15 | Seconds since tunnel establishment |
| Encryption | .1.3.6.1.4.1.12356.101.12.2.2.1.14 | Encryption algorithm for the tunnel |
| Status | .1.3.6.1.4.1.12356.101.12.2.2.1.20 | Operational state of the tunnel |
WatchGuard IPsec tunnel metrics
| Metric | OID | Description |
| Host Name | .1.3.6.1.4.1.3097.6.5.1.2.1.2 | Local tunnel endpoint IP |
| Encryption | .1.3.6.1.4.1.3097.6.5.1.2.1.8 | Encryption algorithm used (ESP) |
| Hashing | .1.3.6.1.4.1.3097.6.5.1.2.1.9 | Authentication algorithm (ESP) |
| In Traffic (bps) | .1.3.6.1.4.1.3097.6.5.1.2.1.28 | Bytes received on the tunnel |
| Out Traffic (bps) | .1.3.6.1.4.1.3097.6.5.1.2.1.29 | Bytes sent on the tunnel |
Troubleshooting tips
Tunnel not appearing in monitoring
- Verify that SNMP v2c or v3 credentials are correctly configured on the firewall.
- Confirm that the On-Premise Poller is running and has network reachability to the device.
- Ensure the device profile supports the SNMP metrics for IPsec listed above (some models or firmware may differ).
Tunnel status always down
- Verify that the peer is reachable (use ICMP ping from the On-Premise Poller).
- Check that the shared keys and phase parameters match on both ends.
- Validate that the OID returns data via an SNMP walk.
No traffic data
If counters remain at zero:
- Confirm that there is active traffic between the sites.
- Ensure correct OID indexing for multiple tunnels (per-tunnel instances).
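The SNMP walk and per-tunnel indexing checks from the two lists above can be scripted; the following is an added example, not Site24x7 code. It parses numeric `snmpwalk -On` output for the Cisco In Traffic, Out Traffic and Status columns and reports, per tunnel index, missing rows or zero counters. The function names, sample walk, host and SNMPv3 user are constructed placeholders.

```shell
#!/bin/sh
# Added example: checks per-tunnel rows in a Cisco IPsec tunnel walk.
BASE=".1.3.6.1.4.1.9.9.171.1.3.2.1"   # parent of the .26/.39/.51 columns above

# On the poller, input would come from a numeric-OID SNMPv3 walk such as
# (user, passphrase variables and host are placeholders):
#   snmpwalk -v3 -l authPriv -u monitor -a SHA -A "$AUTH_PASS" \
#     -x AES -X "$PRIV_PASS" -On fw.example.net "$BASE" | tunnel_report

# Constructed sample: tunnel 3 is idle, tunnel 7 carries traffic,
# tunnel 9 has no Out Traffic row.
sample_walk() {
  cat <<'EOF'
.1.3.6.1.4.1.9.9.171.1.3.2.1.26.3 = Counter32: 0
.1.3.6.1.4.1.9.9.171.1.3.2.1.26.7 = Counter32: 48211
.1.3.6.1.4.1.9.9.171.1.3.2.1.26.9 = Counter32: 912
.1.3.6.1.4.1.9.9.171.1.3.2.1.39.3 = Counter32: 0
.1.3.6.1.4.1.9.9.171.1.3.2.1.39.7 = Counter32: 77120
.1.3.6.1.4.1.9.9.171.1.3.2.1.51.3 = INTEGER: 1
.1.3.6.1.4.1.9.9.171.1.3.2.1.51.7 = INTEGER: 1
.1.3.6.1.4.1.9.9.171.1.3.2.1.51.9 = INTEGER: 1
EOF
}

# Reads `snmpwalk -On` lines on stdin, prints "<tunnel index> <verdict>".
tunnel_report() {
  awk -v base="$BASE." '
    index($1, base) == 1 {
      split(substr($1, length(base) + 1), p, ".")  # "<column>.<index>"
      col = p[1]; idx = p[2]
      if (col != 26 && col != 39 && col != 51) next
      seen[idx] = 1; has[idx, col] = 1; val[idx, col] = $NF
    }
    END {
      for (i in seen) {
        miss = ""
        if (!((i, 26) in has)) miss = miss ",in"
        if (!((i, 39) in has)) miss = miss ",out"
        if (!((i, 51) in has)) miss = miss ",status"
        if (miss != "") print i, "missing:" substr(miss, 2)
        else if (val[i, 26] + val[i, 39] == 0) print i, "idle"
        else print i, "ok"
      }
    }' | sort -n
}

sample_walk | tunnel_report
```

A `missing:` verdict points at an indexing or MIB-support gap on the device, while `idle` means the rows exist and the next check is whether traffic is actually crossing the tunnel.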
Best practices
- Use SNMP v3 for secure polling.
- Poll tunnel metrics at frequent intervals (e.g., every 1–5 minutes).
- Correlate SNMP data with firewall logs for deeper diagnosis.
- Validate encryption and hash algorithms to comply with security policies.
Metrics summary
| Category | What you can do |
| Status and Uptime | Detect outages and rekey events. |
| Traffic | Monitor inbound and outbound traffic. |
| Security Parameters | Validate encryption and hashing. |
These metrics, when tracked, help you maintain reliable, secure site-to-site VPN connectivity and quickly identify tunnel problems before they impact applications.