
Monitoring ASA VPN sessions

FormerMember

I'm having trouble keeping a table that I built using a universal poller refreshed in the device details view for all my VPN sessions that exist and for new sessions that are created.

I have the OID for the IPSEC and RAS sessions loaded into a universal device poller. One poller is to display a table in the device details of the ASA that shows all the sessions. I included a display name to match up with the IP address that is in the label column. The label column is the actual session ID that is created when the VPN connection is established. I set up an enumeration that matches the session ID with a known remote side static IP address. That all is working great. When I poll the OID I get all the sessions that are current on the ASA.

The problem is that we have this one IPSEC connection that is flaky due to issues with the DSL provider on the remote side. A new session is created but it does not display in the table on the web view. If I click on the edit link on the table I can see the new session in the list for "Select Rows to display" that's available but it's unchecked. I can check mark it or the "All" box and then it's displayed in the table just fine. I can't for the life of me figure out why it would be available and returned in the SNMP table query and is listed but unchecked when I have the "All" checked. I guess another question is how can I make the table always show all rows for any "New" session. There doesn't seem to be any option for the table to display all rows all the time and get that setting to stick.

If there is another way to build a custom poller that displays "All" the ASA's vpn sessions then I am open to suggestions.

See attached screenshot of my table. I screened out the IP addresses.

When one of the above VPN sessions is torn down and recreated it doesn't show back up in the table above, but when I edit the table as it shows below, you can see why it doesn't show up in the table: it is unchecked to be displayed. I check it, and "ALL", but the next time that same session or any new session is recreated I have to repeat this. I'd like to stop this so "All" rows will be displayed at all times no matter how many new sessions are created afterwards.

Another weird thing that is happening. See the Hours, Days, and Minutes in the table? I created those as "Transform Results" in the Universal Device Poller. I did a calculation on the ASA's VPN session duration (which is only in seconds) to convert it to hours, days, minutes of each session. For some strange reason, the Hours column is being placed between the Session Names and not over with the Days and Minutes columns. I created those three at the same time and the Minutes and Days show up on the far right of the table, but as soon as I select the Hours column to be displayed, it gets put over in the wrong place. This is irritating to look at more than anything else. Wouldn't you like to see Days, Hours, and Minutes all next to each other? Gee, that would be nice... and professional looking. Something is making it not behave. Any thoughts?

  • Love what you have done. Can you provide more details so I can try to duplicate on my end?

  • FormerMember
    0 FormerMember in reply to sotherls

    Sure, it all starts with a MIB Walk, or MIB View, etc. I used the MIB Walk in the Engineer Toolset to target my ASA's internal interface. I found the section of OIDs that showed RAS sessions and IPSEC sessions. I found both remote access clients and IPsec tunnels under the crasGroup of OIDs. Once I found them I saw the values they returned were in fact my current VPN sessions that I knew about. One caveat though. My Cisco VPN client users only show up as the group name that I defined in the ASA Remote Access policy. In my case they all show up the same. Currently I haven't figured out how to show the username. That would be fantastic but it's one step at a time for me right now.

    Next you go to the Universal Device Poller app on the NPM server. Create a new poller and then add in the OID. Notice how the description of the OID changes and gets more specific as you type the OID. You will reach a point in the OID that you should stop. See my screenshot of the OID to use. I continued by setting up the MIB Value type. Choose table, and if you don't want the raw values displayed on the web page then you need to choose enumerate and then the "Map Value" to change the raw value to something that is meaningful to display. In my case it was how I know the remote location, not its raw session ID. Next, work your way through the UDP creation and assign it to the device you want to poll. The Web display should be set to table as in my case. By default it will go at the bottom of the device details page on the left side. You can change this in the Admin though.

    My screenshots below should help with the setup. It all begins though with a MIB Walk, and make sure you get the latest MIB file from Solarwinds. You will want it so it can recognize the OIDs.

    I also created a poller that displays a VPN session count and puts it in a chart so I can see a graph of the active VPN client connections. Having that graphed can also give you historical data, just like the built-in node interface graphs. Hope this helps.

  • What hardware and code level is your ASA running? Also, could you export and upload your UnDP definition to the Content Exchange?
  • FormerMember
    0 FormerMember in reply to jtimes

    ASA 5520, 8.0(4)

    I'll upload the UnDP file shortly. For the sake of security I replaced my remote locations with x's in the emulation table. You will need to replace those with your IPSec tunnels that you know are static. As for the VPN client users, you will want to enter your VPN group for the value. I also included the session duration and the transform calculations to minutes, hours, days.

  • FormerMember
    0 FormerMember in reply to FormerMember

    Anyone have a clue as to my initial problem?

    Why won't the table display in the web site when new sessions are created? I have to frequently edit the table and check mark the "All" box to display all rows. The SNMP poller is working fine; it's the table in the web page.

  • FormerMember
    0 FormerMember in reply to FormerMember

    I talked to Support about this and showed them the problem. After discussing it with their development team, they have determined that there is a bug and will be looking into it. Because this is not affecting everyone, simply because this is a custom poller that allowed me to expose this vulnerability, they probably will not be getting to it right away.

    So if you're downloading my UnDP from the context exchange, keep in mind that new IPsec sessions that are created will not be displayed until you edit the table and check mark all. You will have to continue to do this until Solarwinds fixes this bug. Bummer!

  • "Another weird thing that is happening. See the Hours, Days, and Minutes in the table? I created those as "Transform Results" in the Universal Device Poller. I did a calculation on the ASA's VPN session duration (which is only in seconds) to convert it to hours, days, minutes of each session. For some strange reason, the Hours column is being placed between the Session Names and not over with the Days and Minutes columns. I created those three at the same time and the Minutes and Days show up on the far right of the table, but as soon as I select the Hours column to be displayed, it gets put over in the wrong place. This is irritating to look at more than anything else. Wouldn't you like to see Days, Hours, and Minutes all next to each other? Gee, that would be nice... and professional looking. Something is making it not behave. Any thoughts?"

     

    I have this same issue with a UnDP of mine. See screenshot. I would also like to arrange these more sensibly, and have tried many ways to do so with no effect.

  • FormerMember
    0 FormerMember in reply to Congo

    I too tried just about everything that seemed to make sense to try. I ran out of ideas and started trying things that didn't make sense. I found something that fixed it for me. I clicked on edit, then unchecked the first column that is to be displayed, the one that has the word -Label in the column name. Don't worry, that won't stop the table, it will just eliminate that column. As soon as I did that, the hours, minutes, days were on the right and my VPN Session names were on the left. It seemed to work itself out.

    There is obviously some sort of sorting logic built into that custom poller's table that can't be found.

    Try what I did: start eliminating some of the columns that you can do without, like that first one. The other columns will still be there and maybe that will give you the results you're looking for.

  • Hi BavautoM3,

    Can you please post your UDP?

    I am also trying to figure out how to get the username, as that is the only OID which says not supported and I couldn't get that information at all.

    Thanks

    Chandru

  • FormerMember
    0 FormerMember in reply to Chandru

    My UnDP was posted on the Context Exchange. I have the same problem with the username. I haven't really looked more into it since I've been battling with my initial issue with the custom poller, which turned out to be a bug according to Solarwinds support and dev team.