I'm new to NPM and was wondering why my ASA does not show up as a network device in HardwareHealth Overview?
I heard from a friend yesterday that it is a MIB issue for all ASAs and will have to configure custom pollers if I want to monitor health statistics.
What is NPM showing it as? Unknown?
Also what version of software is running on this and what model ASA?
I don't believe the ASA supports the OIDs that Hardware Health polls.
I'm running NPM 10.3.1, monitoring ASA 5520s, 5540s, and 5585-Xs. The ASAs are running 8.2(x) and 8.4(x). None of these devices show Hardware Health as a selectable resource when listing resources.
NPM shows it as a Cisco device, but does not recognize it as a network device under Hardware Health Overview. Only my Catalyst 3750 switches are recognized as network devices. My ASAs are running ver 9.0(2)
Yeah I am certain that it is. There are a couple of other forums posts around about the same issue.
While I am not an SNMP expert, it looks like there are different MIBs depending on whether or not the ASA is in multi context mode. This table shows that the sysObjectID is ciscoASA5585Ssp60 when in single context mode, and when in multi context mode the sysObjectIDs are ciscoASA5585Ssp60sc and ciscoASA5585Ssp60sy for the security and system contexts, respectively. http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_snmp.html#wp1396944 This chart shows that the MIBs for these objects are different: http://www.oidview.com/mibs/9/CISCO-PRODUCTS-MIB.html Here are the specific polling MIBs for these objects: ciscoASA5585Ssp60 1.3.6.1.4.1.9.1.1197 ciscoASA5585Ssp60sc 1.3.6.1.4.1.9.1.1201 ciscoASA5585Ssp60sy 1.3.6.1.4.1.9.1.1205
I have not heard of anyone doing so.
v/r,
Mike Greene
A couple I've gotten to work are for failover status and global connections.
I opened a TAC case a couple weeks ago for the number of translations used by each PAT address and received this response:
"to monitor the number of translations in use for each PAT address. The OID cfwConnectionStatDescription (1.3.6.1.4.1.9.9.147.1.2.2.2.1.3) does not seem to be supported "
I've verified that OID is not supported in versions 8.2 through 9.1(3).
So it looks like Cisco has identified a number of things to monitor but has not implemented them.
If you want to go walking through the MIB to see what things are supported then I'd start at 1.3.6.1.4.1.9.9.491 (Cisco Unified Firewall MIB).
