I've done an SNMP walk on the ASA and a GET on the ipRouteTable MIB and can't see that this is available on the ASA. The GET on the route table gives back "No Such Object".
So - how do I monitor the default route on the ASA with SNMP? I need to make sure the ASA is sending the traffic to the correct place. Usually the OID ends with the route you want to monitor, in my case it would end with .0.0.0.0 which would then give me the next hop IP as the returned result.
Anyone done this?
The OID should be: ipRouteNextHop.0.0.0.0 which is .1.3.6.1.2.1.4.21.1.7.0.0.0.0
How often does your default route change?
I could see this in some sort of DR scenario.
But it'd be more of a point and forget type of thing for me.
Static routes for the win, baby!
The default route is never supposed to change, hence the SNMP check / alert mechanism I need to set up.
The ASA only has static routes, but the default static route is a tracked route in case our primary ISP goes down. Then outbound internet traffic fails over.
My site to site VPNs are done by a different device using VTI tunnels, with one tunnel pointing across each of my internet lines in front of the ASAs. These IPSEC VPN tunnels are not reliant upon the default route of the ASA and will fail over independently.
I might need to raise a case on this one - I'm not sure how I can monitor this at present.
Enhancement request has been filed by someone... Feature missing since 8.4 according to the bug. No planned release to fix... Seems a bit odd to me, I wonder what this snmp oid breaks or creates risk against.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCty94557/
At worst, Python expect script to log in, show ip route 0.0.0.0 and compare the expected output / next hop (regex is prob easiest).
Can't monitor IP SLA either: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCui53368
I'm going to look at something like Ansible or Py as you suggest. Can Nagios do monitoring with Ansible? Would be pretty flexible if so.
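Added example, not part of the thread: a Nagios-style check in Python for the log in, show the route, compare the next hop approach suggested above. It covers only the parse-and-compare step and reads the command output from stdin; the sample outputs are constructed, the route line format is an assumption about what the ASA prints, and the function names are hypothetical.

```python
import ipaddress
import re
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Assumed line format: S*    0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1, outside
DEFAULT_ROUTE = re.compile(
    r"^[ \t]*S\*?\s+0\.0\.0\.0\s+0\.0\.0\.0\s+\[(\d+)/\d+\]\s+via\s+(\S+?),\s*(\S+)",
    re.MULTILINE)

# Constructed sample outputs (documentation addresses, not from the thread).
SAMPLE_PRIMARY = """Gateway of last resort is 203.0.113.1 to network 0.0.0.0

S*    0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1, outside
C        10.0.0.0 255.255.255.0 is directly connected, inside
"""
SAMPLE_FAILOVER = """Gateway of last resort is 198.51.100.1 to network 0.0.0.0

S*    0.0.0.0 0.0.0.0 [254/0] via 198.51.100.1, backup
C        10.0.0.0 255.255.255.0 is directly connected, inside
"""

def default_next_hops(route_output):
    """Return (next_hop, interface, admin_distance) for each static default route."""
    return [(str(ipaddress.ip_address(hop)), iface, int(dist))
            for dist, hop, iface in DEFAULT_ROUTE.findall(route_output)]

def check_default_route(route_output, expected_hop):
    """Compare the installed default route with the expected next hop."""
    try:
        wanted = str(ipaddress.ip_address(expected_hop))
        hops = default_next_hops(route_output)
    except ValueError as exc:
        return UNKNOWN, f"UNKNOWN - bad address: {exc}"
    if not hops:
        # Fail loudly: an empty or truncated session must not look healthy.
        return UNKNOWN, "UNKNOWN - no static default route found in output"
    found = [hop for hop, _, _ in hops]
    if found == [wanted]:
        return OK, f"OK - default route via {wanted} on {hops[0][1]}"
    return CRITICAL, f"CRITICAL - default via {', '.join(found)}, expected {wanted}"

if __name__ == "__main__":
    # Usage: <route command output> | check.py EXPECTED_NEXT_HOP
    code, message = check_default_route(sys.stdin.read(), sys.argv[1])
    print(message)
    sys.exit(code)
```

Returning UNKNOWN when no default route is parsed keeps a failed login or changed output format from being reported as a healthy route.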