DataDog · Pierre-L42 · Jul 30, 2025 · Jul 31, 2025 · Jul 31, 2025 · Jul 31, 2025
@@ -3476,6 +3476,11 @@ menu:
       parent: ndm_setup
       identifier: ndm_sd-wan
       weight: 30005
+    - name: VPN Monitoring
+      url: network_monitoring/devices/vpn_monitoring
+      parent: ndm_setup
+      identifier: ndm_vpn_monitoring
+      weight: 30006
     - name: Profiles
       url: network_monitoring/devices/profiles
       parent: ndm

@@ -68,7 +68,10 @@ To begin monitoring your network devices, enable SNMP monitoring using one of th
 [Ping][5]
 : Additionally, SNMP supports enabling ping on your devices.
 
-### Enrich network devices with tags 
+[VPN Monitoring][21]
+: Configure VPN monitoring to start monitoring your devices' VPN tunnels.
+
+### Enrich network devices with tags
 
 After NDM is configured on your devices, you can further enrich them by adding network device tags using the following methods:
 
@@ -94,7 +97,7 @@ Customize metrics and tags on your devices by viewing the [Supported Devices][9]
 [GUI based profile authoring][6]
 : Take advantage of Datadog Network Monitoring's GUI based device onboarding experience where you can add custom metrics and tags to your devices.
 
-### NetFlow Monitoring 
+### NetFlow Monitoring
 
 Configure [NetFlow Monitoring][11] to visualize and monitor your flow records from your NetFlow-enabled devices.
 
@@ -143,4 +146,5 @@ Configure [NetFlow Monitoring][11] to visualize and monitor your flow records fr
 [17]: /api/latest/network-device-monitoring/#get-the-list-of-tags-for-a-device
 [18]: /api/latest/network-device-monitoring/#update-the-tags-for-a-device
 [19]: /network_monitoring/devices/troubleshooting
-[20]: /integrations/guide/high_availability
+[20]: /integrations/guide/high_availability
+[21]: /network_monitoring/devices/vpn_monitoring
@@ -0,0 +1,175 @@
+---
+title: VPN Monitoring
+description: Get started with monitoring your devices VPN tunnels.
+further_reading:
+  - link: "https://www.datadoghq.com/knowledge-center/network-monitoring/snmp-monitoring/"
+    tag: "Knowledge Center"
+    text: "SNMP Monitoring Overview"
+  - link: "https://www.datadoghq.com/blog/monitor-snmp-with-datadog/"
+    tag: "Blog"
+    text: "Monitor SNMP with Datadog"
+---
+
+## Overview
+
+VPN monitoring provides visibility into your devices' VPN tunnels within Network Device Monitoring (NDM). This feature allows you to keep track of critical data and metrics to examine the health of your VPN tunnels.
+
+When configured, the SNMP check collects VPN tunnel data from your devices. This can be configured for [individual][4] as well as [Autodiscovered][5] devices.
+
+## Prerequisites
+
+Agent version `7.70` or higher.
+### Limitations
+
+- Support is limited to Cisco IPsec VPN tunnels.
+
+## Configuration
+
+1. Install or upgrade the [Datadog Agent][1] to v7.70+.
+
+2. Edit the `snmp.d/conf.yaml` file in the `conf.d/` folder at the root of your [Agent's configuration directory][2] for individual devices, or the [`datadog.yaml`][3] Agent configuration file for Autodiscovery.
+
+{{< tabs >}}
+{{% tab "Individual" %}}
+
+To enable VPN monitoring to all _manually_ configured devices, add the `collect_vpn` configuration in the `init_config` section:
+
+{{< highlight yaml "hl_lines=4" >}}
+init_config:
+  loader: core
+  use_device_id_as_hostname: true
+  collect_vpn: true          # (default false) enable collecting VPN tunnel data
+instances:
+  - ip_address: '1.2.3.4'
+    community_string: 'sample-string'
+    tags:
+    - 'key1:val1'
+    - 'key2:val2'
+{{< /highlight >}}
+
+Or, apply the `collect_vpn` configuration _per_ instance:
+
+{{< highlight yaml "hl_lines=10" >}}
+init_config:
+  loader: core
+  use_device_id_as_hostname: true
+instances:
+  - ip_address: '1.2.3.4'
+    community_string: 'sample-string'
+    tags:
+      - 'key1:val1'
+      - 'key2:val2'
+    collect_vpn: true        # (default false) enable collecting VPN tunnel data
+{{< /highlight >}}
+
+{{% /tab %}}
+
+{{% tab "Autodiscovery" %}}
+
+To enable VPN monitoring to all _Autodiscovery_ subnets, add the `collect_vpn` configuration under the `network_devices.autodiscovery` section:
+
+{{< highlight yaml "hl_lines=7" >}}
+network_devices:
+  autodiscovery:
+    workers: 100
+    discovery_interval: 3600
+    loader: core
+    use_device_id_as_hostname: true
+    collect_vpn: true        # (default false) enable collecting VPN tunnel data
+    configs:
+      - network_address: 10.10.0.0/24
+        loader: core
+        snmp_version: 2
+        port: 161
+        community_string: '***'
+        tags:
+        - "key1:val1"
+        - "key2:val2"
+{{< /highlight >}}
+
+{{% /tab %}}
+{{< /tabs >}}
+
+## Viewing VPN tunnels
+
+To view VPN tunnels in the UI:
+
+1. Select a monitored device in NDM that has VPN tunnels.
+2. Click on the **VPN Tunnels** tab in the device's side panel.
+
+### Metrics collected
+
+The following metrics are made available after enabling VPN monitoring:
+
+<table style="width: 100%;">
+  <thead>
+    <tr>
+      <th style="width: 40%;">Metric Name</th>
+      <th style="width: 65%;">Description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>snmp.cipSecTunActiveTime</code></td>
+      <td>The duration the tunnel has been active in hundredths of seconds.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunHcInOctets</code></td>
+      <td>The number of octets received by the tunnel.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunHcOutOctets</code></td>
+      <td>The number of octets sent by the tunnel.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunInPkts</code></td>
+      <td>The number of packets received by the tunnel.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunOutPkts</code></td>
+      <td>The number of packets sent by the tunnel.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunInAuthFails</code></td>
+      <td>The number of inbound authentications that ended in failure for the tunnel.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunOutAuthFails</code></td>
+      <td>The number of outbound authentications that ended in failure for the tunnel.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunInDecryptFails</code></td>
+      <td>The number of inbound decryptions that ended in failure for the tunnel.</td>
+    </tr>
+    <tr>
+      <td><code>snmp.cipSecTunOutEncryptFails</code></td>
+      <td>The number of outbound encryptions that ended in failure for the tunnel.</td>
+    </tr>
+  </tbody>
+</table>
+
+## Troubleshooting
+
+If you experience issues using VPN monitoring, use the following troubleshooting guidelines. If you need further assistance, contact [Datadog support][6].
+
+### VPN tunnels not displayed
+
+The VPN tunnel data is collected with SNMP. If VPN tunnels are missing on a device, ensure the following:
+
+- Datadog Agent version 7.70 or later is installed.
+- Verify the device exposes the relevant VPN tunnel data with SNMP by running the following command:
+
+```shell
+sudo -u dd-agent datadog-agent snmp walk <DEVICE_IP> 1.3.6.1.4.1.9.9.171.1.3.2
+```
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: /agent
+[2]: /agent/configuration/agent-configuration-files/#agent-configuration-directory
+[3]: /agent/configuration/agent-configuration-files/?tab=agentv6v7#agent-main-configuration-file
+[4]: /network_monitoring/devices/vpn_monitoring/?tab=individual#configuration
+[5]: /network_monitoring/devices/vpn_monitoring/?tab=autodiscovery#configuration
+[6]: /help