All Products
Search

This Product

    VPN Gateway:Monitor an IPsec-VPN connection

    Document Center

    VPN Gateway:Monitor an IPsec-VPN connection

    Last Updated:Oct 09, 2023

    This topic describes how to monitor an IPsec-VPN connection by using CloudMonitor. You can also set threshold-triggered alert rules and monitor the traffic of an IPsec-VPN connection. When the threshold is breached, a notification is sent to you.

    View the monitoring data about an IPsec-VPN connection

    If the IPsec-VPN connection is associated with a VPN gateway and uses the dual-tunnel mode, you can also view the monitoring data of the tunnels.

    1. Log on to the VPN gateway console.
    2. In the left-side navigation pane, choose VPN > IPsec Connections.
    3. In the top navigation bar, select the region where the IPsec-VPN connection is created.

    4. On the IPsec-VPN connection page, find the IPsec-VPN connection that you want to manage and click its ID.

    5. On the Monitor tab of the IPsec-VPN connection, view the monitoring data about the connection.

      If the IPsec-VPN connection is associated with a VPN gateway and uses the dual-tunnel mode, you can select different dimensions and view the monitoring data of the tunnels or the IPsec-VPN connection.监控隧道.png

      • By default, the system displays the monitoring data within the last hour. You can also select 3 hours, 6 hours, 12 hours, or specify a custom time range.

      • The system can automatically update monitoring data.

        On the top of the Monitor tab, you can turn on Auto Refresh to enable the system to automatically update monitoring data every minute.

      Dimension

      Metric

      Description

      IPsec-VPN Connection

      Inbound Packet Rate of IPsec-VPN Connection

      The rate at which the IPsec-VPN connection receives packets. Default unit: packet/s.

      You can also select Kpps or Mpps from the drop-down list next to the metric.

      Outbound Packet Rate of IPsec-VPN Connection

      The rate at which the IPsec-VPN connection sends packets. Default unit: packet/s.

      You can also select Kpps or Mpps from the drop-down list next to the metric.

      Inbound Traffic Rate of IPsec-VPN Connection

      The rate at which the IPsec-VPN connection receives data. Default unit: bit/s.

      You can also select Kbps, Mbps, or Gbps from the drop-down list next to the metric.

      Outbound Traffic Rate of IPsec-VPN Connection

      The rate at which the IPsec-VPN connection sends data. Default unit: bit/s.

      You can also select Kbps, Mbps, or Gbps from the drop-down list next to the metric.

      Tunnel

      Inbound Packet Rate of Tunnel

      The rate at which the tunnel receives packets. Default unit: packet/s.

      You can also select Kpps or Mpps from the drop-down list next to the metric.

      Outbound Packet Rate of Tunnel

      The rate at which the tunnel sends packets. Default unit: packet/s.

      You can also select Kpps or Mpps from the drop-down list next to the metric.

      Inbound Traffic Rate of Tunnel

      The rate at which the tunnel receives traffic. Default unit: bit/s.

      You can also select Kbps, Mbps, or Gbps from the drop-down list next to the metric.

      Outbound Traffic Rate of Tunnel

      The rate at which the tunnel sends traffic. Default unit: bit/s.

      You can also select Kbps, Mbps, or Gbps from the drop-down list next to the metric.

    Create a threshold-triggered alert rule for an IPsec-VPN connection

    We recommend that you create a threshold-triggered alert rule for an IPsec-VPN connection. When the threshold is breached, a notification is sent to you. You can troubleshoot based on the information. When you create a threshold-triggered alert rule for an IPsec-VPN connection, you need to select different metrics based on the resource associated with the IPsec-VPN connection.

    When an IPsec-VPN connection is associated with a VPN gateway

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Alerts > Alert Rules.

    3. On the Alert Rules page, click Create Alert Rule.

    4. In the Create Alert Rule panel, select vpngw from the Product drop-down list, set the parameters, and then click OK.

      The following table describes the parameters that are relevant to this topic. For more information about how to configure other parameters, see Create an alert rule.

      Click +Add Alert Rule, set the following parameters in the Add Rule Description panel, and then click OK.

      Parameter

      Description

      Alert Rule

      Enter a name for the alert rule.

      Metric Type

      Select a metric type for the alert rule. In this example, Single Metric is selected. For more information about how to configure multiple metrics and dynamic thresholds, see Create an alert template.

      • Single Metric

      • Multiple Metrics

      • Dynamic Threshold

      Metric

      Select a metric.

      • Monitoring metrics of IPsec-VPN connections

        • IPSec.connection.rxPkgs: the rate at which the IPsec-VPN connection receives packets.

        • IPSec.connection.txpkgs: the rate at which the IPsec-VPN connection sends packets.

        • IPSec.connection.rx.rate: the rate at which the IPsec-VPN connection receives data.

        • IPSec.connection.tx.rate: the rate at which the IPsec-VPN connection sends data.

      • Monitoring metrics of tunnels

        • Tunnel.rx.pps: the rate at which the tunnel receives packets.

        • Tunnel.tx.pps: the rate at which the tunnel sends packets.

        • Tunnel.rx.bps: the rate at which the tunnel receives traffic.

        • Tunnel.tx.bps: the rate at which the tunnel sends traffic.

      Threshold and Alert Level

      Enter the conditions, threshold, and alert level of the alert rule.

      Chart Preview

      The monitoring data of the selected metric is displayed in the chart.

    When an IPsec-VPN connection is associated with a VPN gateway

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Alerts > Alert Rules.

    3. On the Alert Rules page, click Create Alert Rule.

    4. In the Create Alert Rule panel, select VPN Connections from the Product drop-down list, set the parameters, and then click OK.

      The following table describes the parameters that are relevant to this topic. For more information about how to configure other parameters, see Create an alert rule.

      Click +Add Alert Rule, set the following parameters in the Add Rule Description panel, and then click OK.

      Parameter

      Description

      Alert Rule

      Enter a name for the alert rule.

      Metric Type

      Select a metric type for the alert rule. In this example, Single Metric is selected. For more information about how to configure multiple metrics and dynamic thresholds, see Create an alert template.

      • Single Metric

      • Multiple Metrics

      • Dynamic Threshold

      Metric

      Select a metric.

      • vpn.connection.rxPkgs: the rate at which the IPsec-VPN connection receives packets.

      • vpn.connection.txPkgs: the rate at which the IPsec-VPN connection sends packets.

      • vpn.connection.rx.rate: the rate at which the IPsec-VPN connection receives traffic.

      • vpn.connection.tx.rate: the rate at which the IPsec-VPN connection sends traffic.

      Threshold and Alert Level

      Enter the conditions, threshold, and alert level of the alert rule.

      Chart Preview

      The monitoring data of the selected metric is displayed in the chart.