4 Replies. Latest reply: Nov 27, 2012 12:52 PM by JasonKV

OID for ASA-5520 for VPN connections / a different spin

jamesfclark

Hi, I've seen a few posts about monitoring VPN connections, and I haven't been able to figure out how to get the exact info I am looking for. I've tried a number of OIDs, and get partial info, but never correct.

If I am in Cisco ASDM and I go to monitoring / VPN / VPN Stats / VPN sessions... I have 2 numbers I'm looking for: the total of the first page (Ras connections, or desktop clients) and second the number of Lan to Lan connections.

When I use all the OIDs I've tried so far, it seems to get confused with the IPSecoverNatT and the IPSecOverUDP for the regular connections, and one of my site to site shows IPSECoverLANtoLAN and the other IPSECoverLANtoLANNATT.

Whenever I try it I seem to get the overNATTs no problem, but I'd like to build it so I get the RAS over either without the LANtoLAN, and the LANtoLAN total number whether they are LANtoLAN or LANtoLANnatT?

Still on the newer side of this, but when I walk the tree and test anything close to what I need I either get incorrect info or OID not supported. Can anyone out there shed some light? I've spent too many hours at night obsessing on this, so now it's time to ask for help.

Thanks,

James

 
  • Re: OID for ASA-5520 for VPN connections / a different spin
    lchance

    we just got the Cisco ASA 5540 which is replacing our Cisco VPN 3xxx Concentrators. as soon as i can i will try to MIB walk it and see if i can provide any help to you.

    i do have our VPN sessions monitored on the 3xxx Concentrators using various OIDs to show IPSec LAN-to-LAN and OverNAT-T etc. plus Tunnel Count and Session Count.

    but i don't know the ASA well enough yet but maybe real soon. maybe someone else will chime in with some info for you.

    what i did with the Concentrator OIDs is build poller groups based on the tables and then put it together in the Node Details view. and you can create reports and publish these too.

  • Re: OID for ASA-5520 for VPN connections / a different spin
    dclick

    I don't know if you have made any progress with this, but there are a couple of UDP pollers in the Content Exchange that will allow you to, at the least, graph the number of current (Active) sessions of your vpn sessions - I have ours set to show WebVPN, AnyConnect, IPSec and IPSec L2L.

    Here are the OIDs I am using on a Cisco ASA5520 -

    IPSec L2L
    CISCO-REMOTE-ACCESS-MONITOR-MIB:crasL2LNumSessions
    1.3.6.1.4.1.9.9.392.1.3.29

    IPSec
    CISCO-REMOTE-ACCESS-MONITOR-MIB:crasIPSecNumSessions
    1.3.6.1.4.1.9.9.392.1.3.26

    SSL VPN  (AnyConnect)
    CISCO-REMOTE-ACCESS-MONITOR-MIB:crasSVCNumSessions
    1.3.6.1.4.1.9.9.392.1.3.25

    WebVPN
    CISCO-REMOTE-ACCESS-MONITOR-MIB:crasWebvpnNumSessions
    1.3.6.1.4.1.9.9.392.1.3.38

  • Re: OID for ASA-5520 for VPN connections / a different spin
    aLTeReGo

    For anyone who's interested I've created a Universal Device Poller for the ASA to monitor VPN sessions using the information above. It's available in the content exchange at the link below. Enjoy.

    Cisco ASA Active VPN Connections
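
Added example, not part of the thread or of any poster's code: a shell sketch that turns the four counters listed in dclick's reply into the two numbers asked for in the original post (remote-access total and LAN-to-LAN total). It assumes net-snmp's `snmpget -On` output format, that the three non-L2L counters can be summed as the remote-access total (check this against ASDM on your unit), and uses constructed sample values; `MONITOR_USER` and `ASA_HOST` are placeholders.

```shell
#!/bin/sh
# OIDs are the ones quoted in the thread; ".0" is the scalar instance suffix.
BASE=.1.3.6.1.4.1.9.9.392.1.3
OID_L2L=$BASE.29.0      # crasL2LNumSessions
OID_IPSEC=$BASE.26.0    # crasIPSecNumSessions
OID_SVC=$BASE.25.0      # crasSVCNumSessions
OID_WEBVPN=$BASE.38.0   # crasWebvpnNumSessions

# Live collection (not run here). SNMPv3 authPriv authenticates and encrypts
# the poll, unlike a v1/v2c community string. Host and user are placeholders.
# snmpget -v3 -l authPriv -u MONITOR_USER -a SHA -A "$AUTH" -x AES -X "$PRIV" \
#     -On ASA_HOST $OID_L2L $OID_IPSEC $OID_SVC $OID_WEBVPN

# summarize_vpn: read "snmpget -On" lines on stdin, print "ras=<n> l2l=<n>".
# Exits 1 if any counter is missing or non-numeric (for example a
# "No Such Object" answer), so a failed poll is never reported as zero.
summarize_vpn() {
    awk -v l2l="$OID_L2L" -v ipsec="$OID_IPSEC" \
        -v svc="$OID_SVC" -v web="$OID_WEBVPN" '
        $NF ~ /^[0-9]+$/ { val[$1] = $NF }   # key: numeric OID, value: count
        END {
            n = split(l2l " " ipsec " " svc " " web, need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in val)) {
                    print "missing or invalid: " need[i] > "/dev/stderr"
                    exit 1
                }
            # Assumption: remote access = IPSec + AnyConnect + WebVPN.
            printf "ras=%d l2l=%d\n", val[ipsec] + val[svc] + val[web], val[l2l]
        }'
}

# Constructed sample in "snmpget -On" format (not captured from a real ASA).
SAMPLE='.1.3.6.1.4.1.9.9.392.1.3.29.0 = Gauge32: 2
.1.3.6.1.4.1.9.9.392.1.3.26.0 = Gauge32: 14
.1.3.6.1.4.1.9.9.392.1.3.25.0 = Gauge32: 5
.1.3.6.1.4.1.9.9.392.1.3.38.0 = Gauge32: 2'

printf '%s\n' "$SAMPLE" | summarize_vpn
```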