Please run 2 "Walk" tests against the device in case via our SNMP Tester.

Please use the following base OIDs for the tests:

1.3.6.1.4.1.9.9.171

1.3.6.1.4.1.9.9.392

Please forward us the results to [email protected], with reference to this thread.

The template doesn't changed any thing. The sensor was created with the local IP as remote IP again. I found following workaound: - stop PRTG Service - open Configuration file - change Remote-IP to the right value and save file - restart PRTG Service

Could this change to the configuration file cause problems in the future?

Sorry my fault, took wrong template (I already had one with a similar name). The template works, the workaroung too.

We highly recommend to use the devicetemplate and not to edit the configuration manually.

If you changed the configuration file already and your sensor works now (and all other sensors do also still work) it is not too likely that it will cause anything really bad to happen. If you encounter any new bugs within the next days, please be honest and let the support team know, that you did manual changes, though.

Hi I have aded the template and have auto-discovered the ASA device. However I am unable to the IKEv2 tunnels. When I click on add sensor I am still not able to add the IKEv2 tunnels , IKEv1 are working fine. I have rasied a cal with support but after 3 days they refuse to talk to me via phone. we have a support contract and have paid for maintenance.

Did you use the template to run the Auto-Discovery with? If so, you shouldn't be adding the sensor manually. Our support policy is to only do remote sessions or phone calls when PRTG is completely broken and there is no other way to solve the issue.

confirmed this resolved my error as well

I followed the instructions but still receive the same error. Any other suggestions?

Dear Ceriel Roland

Which PRTG version (including the four-digit build number) are you currently using?

I have over 25 different site-2-site (Lan-2-Lan) tunnels on a single firewall. Am I going to have to make 25 copies of this device template to get these to be monitored again? They were working for many months, but after a recent update to 15.3.17.2996 or so, I see its broken.

please advise.

@dclick: It would be possible to create one template with 35 create tags (just duplicate the create tags with all contents).
However, you would have to replace the id's and IPs accordingly within the one template. Afterwards the template should create all your sensors.
Best regards

Im also getting There is no active connection for this remote IP address. (code: PE123) error while my connections are all IKEv1

mx00nr001/pri/act# show vpn-sessiondb l2l

Session Type: LAN-to-LAN

Connection : x.x.x.x Index : 131 IP Addr : x.x.x.x Protocol : IKEv1 IPsec Encryption : IKEv1: (1)AES256 IPsec: (1)AES256 Hashing : IKEv1: (1)SHA1 IPsec: (1)SHA1 Bytes Tx : 1867268940 Bytes Rx : 2361103366 Login Time : 05:00:24 UTC Thu Oct 8 2015 Duration : 5d 7h:53m:55s

Connection : x.x.x.x Index : 150 IP Addr : x.x.x.x Protocol : IKEv1 IPsec Encryption : IKEv1: (1)AES256 IPsec: (1)3DES Hashing : IKEv1: (1)SHA1 IPsec: (1)MD5 Bytes Tx : 32878980 Bytes Rx : 4176673 Login Time : 00:05:10 UTC Mon Oct 12 2015 Duration : 1d 12h:49m:09s

Connection : x.x.x.x Index : 174 IP Addr : x.x.x.x Protocol : IKEv1 IPsec Encryption : IKEv1: (1)AES256 IPsec: (2)AES256 Hashing : IKEv1: (1)SHA1 IPsec: (2)SHA1 Bytes Tx : 2655399 Bytes Rx : 300480 Login Time : 12:24:49 UTC Tue Oct 13 2015 Duration : 0h:29m:30s

Hi mverboom,

Could you please use the SNMP Tester Tool and perform a walk over the OID

1.3.6.1.4.1.9.9.392

followed by a walk over the OID

1.3.6.1.4.1.9.9.171

and forward the results to [email protected]? Please refer to this knowledge base article.

Best regards, Felix

The fix no longer works for me in version 16.3.25.5767. I have just opened a support case.

I also get this error while using IKEv1. The tunnel was even up in a case, but the sensor was "stuck" with that error. Adding the sensor again worked, meaning it wasnt red anymore, but is a bad ideea if I have to add them all again manually when this happens. Losing traffic history and alot of work. Any ideea to circumvent this? Also, is it posible for the cisco asa vpn sensor to go to warning when no connection is active for like 24 hours and to red only after that ?

Dear Silavric,

The SNMP Cisco ASA sensor will use the RemoteIP as the identification key for the connection. If this IP address changes for any reason, PRTG will consider the connection as down and show an error message. The only way to keep the historic data is to pause the old sensor. This will also allow you to create reports with the historic data.

I'm afraid that it's not possible to set the sensor into a warning status if the connection is not available, the sensor will directly get into an alarm status.

Best regards, Felix

Is there a new fix for this? The one from here doesn't work, the sensor still appears down even though vpn is up.

Hi BM,

I'm not aware that this got fixed by Cisco to return the correct values for IKEv2 tunnels which are up via SNMP. Could you please provide your adjusted template to [email protected] and mention the IP address of the VPN's tunnel for further investigation?

Best regards, Felix

I have been using the standard sensor for 7x IKEv2 VPN's which was working perfectly fine. I recently added 2 more VPN's on the ASA, using the same IPsec profile as the others. Before I added them to PRTG to monitoring, all the old sensors stopped working, showing the error PE123. If I try to re-add them, they appear as discovered, but when I add them it gives error PE123 straight away. I tried the template in this thread, but an autodiscover isn't finding anything. Any ideas?

Dear Jarrad,

As no sensors are discovered via the template, it means that the Ping from the PRTG probe to the ASA does not succeed - this is the requirement for the template. Could you please write an email to [email protected] by referring to this case, I'll then be able to create a personal template for you. Please include the IP address of the IKEv2 tunnel which you want to monitor.

Kind regards,
Felix Saure, Tech Support Team

Hi Felix, I am monitoring the ASA for ping and system health etc via SNMP (which is working). So the ping and snmp check should pass. I will open a support ticket now. Thanks.

Have there been any issues with the manual method of adding a sensor for the ikev2 VPNs?

Create a SNMP CISCO ASA Traffic sensor and edit the remote IP, rename and save.

Hi JoeLoveTB,

Not to our knowledge. Did you also change the <create-id<?

If so, kindly forward the created template to [email protected] for further investigation.

Kind regards,
Felix Saure, Tech Support Team

.* bump *

Any news for a real solution instead of a workaround?

Unfortunately, no changes so far. The workaround is still the only option.