Test VPN server alive

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
Post Reply
User avatar
plambrecht
Posts: 151
Joined: Wed May 19, 2004 8:11 am
Location: Belgium
Contact:
Contact plambrecht

Test VPN server alive

Post by plambrecht »

Hi,

I need an UDP test to see if my Cisco VPN server (PIX and IOS based) are up and running.
Does anyone have an UDP string to send/receive ?
Ping is not an option, because I disable ICMP on my VPN server.

Anyone ?

Pieter
Top
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:
Contact KS-Soft

Post by KS-Soft »

What about SNMP test? Or you have disabled SNMP protocol as well?

Regards
Alex
Top
User avatar
plambrecht
Posts: 151
Joined: Wed May 19, 2004 8:11 am
Location: Belgium
Contact:
Contact plambrecht

Post by plambrecht »

KS-Soft wrote:What about SNMP test? Or you have disabled SNMP protocol as well?
The VPN server is published on the internet, and only accessible through the internet. SNMP is not an option.
A UDP packet looks like the only solution to me.

thx anyway for this reply.

Pieter
Top
boxy_25
Posts: 26
Joined: Tue Dec 02, 2003 3:49 am
Location: France
Contact:
Contact boxy_25

ICMP

Post by boxy_25 »

Hi,

I think you can open icmp port only for one station (the monitoring station) and block for all the other. You can also allow only "echo request" to securise at maximum.

Cédric. :wink:
Top
User avatar
plambrecht
Posts: 151
Joined: Wed May 19, 2004 8:11 am
Location: Belgium
Contact:
Contact plambrecht

Re: ICMP

Post by plambrecht »

[quote="boxy_25"]I think you can open icmp port only for one station (the monitoring station) and block for all the other. You can also allow only "echo request" to securise at maximum.
quote]

the thing is, I don't want to check ICMP, but VPN.
There always is a possibility that the ICMP works, but that de VPN service is down...
Top
boxy_25
Posts: 26
Joined: Tue Dec 02, 2003 3:49 am
Location: France
Contact:
Contact boxy_25

ICMP

Post by boxy_25 »

HI,

"There always is a possibility that the ICMP works, but that de VPN service is down..."

That depend wich IP you monitor...

If you monitor your internet IP, that's true, you cannot see if VPN is UP
But your VPN is connecting 2 network with different IP range (ex 10.1.0.0 and 10.2.0.0). if there is a computer in 10.1.0.0 that ping 10.2.0.1., you can see if VPN is UP.
You can monitor 2 or 3 IP in the distant network so if they are all dead, the VPN is dead.

Cédric :wink:
Top
User avatar
plambrecht
Posts: 151
Joined: Wed May 19, 2004 8:11 am
Location: Belgium
Contact:
Contact plambrecht

Post by plambrecht »

Your suggestion implies that I make a VPN conncetion and then ping a server of the remote network.
But that is not what I want.
I just want to check if the VPN service is alive bij 'portscanning' the UDP/500 port.
For that I need the UDP packet to send/receive...

Pieter
Top
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:
Contact KS-Soft

Post by KS-Soft »

UDP port #500?
ISAKMP protocol http://www.networksorcery.com/enp/protocol/isakmp.htm
?

Regards
Alex
Top
User avatar
plambrecht
Posts: 151
Joined: Wed May 19, 2004 8:11 am
Location: Belgium
Contact:
Contact plambrecht

Post by plambrecht »

Cool site..
Apparently it is not as easy as I thought... No fixed header.. darn..

thx anyway.

Pieter
Top
ericm
Posts: 40
Joined: Tue Feb 10, 2004 6:29 am

Test VPN

Post by ericm »

If you find something please post it.
Top
Post Reply

Return to “Configuration, Maintenance, Troubleshooting”