we have written a new special agent to check the VPN tunnels on Cisco ASA via API and ditch the (really slow as heck) SNMP check for it.
This check gathers all VPN Lan-to-Lan tunnels with Phase 1 (VPN Peer IKE) and Phase 2 (VPN Peer IPSec) via Web-API. It also shows the given VPN description and Proxy-IDs per peer.
Advantages compared to SNMP VPN check: runtime <1s, SNMP query may take over 90 seconds if many VPNs are configured, also all VPNs go UNKN for a query period when a new VPN is established.
Runs with ASA min version: Cisco Adaptive Security Appliance Version 9.14
A new datasource program is added where to put username/password against the API.
Just set the ASA to “SNMP + Special Agent” to get it to work
Here is the link: https://exchange.checkmk.com/p/cisco-vpn-l2l-agent