I've found this to be a good resource for Cisco ASAs:
http://www.activexperts.com/admin/mib/Cisco/CISCO-IPSEC-FLOW-MONITOR-MIB/objects/
I've so far been monitoring (& graphing) in/out bandwidth for each peer, in/out drops for each peer, and in/out notifies for each peer, although I must confess I don't know what a drop means (is it ACL, bad packet, etc.) and have no idea what a notify is. I can export my UnDP if you'd like to see what I've done... I have a TAC case open to validate what I've done and see if there's anything else that could be monitored for VPN tunnel health. I think it's going to come down to syslog & SNMP traps to see when a tunnel fails and can't negotiate phase I or phase II.