Monitoring ASA 5510 Tunnels

Unanswered Question
Sep 23rd, 2008
User Badges:


I'm trying to monitor Tunnels activity. We want to gather statistics like bandwidth utilization per Tunnel and in the case of Remote Access also the user name associated with a tunnel. All this via SNMP

I've browse through the Cisco-IPSec-Flow MIB and found the TunnelTable, this seems to provide everything I need in Regards to Tunnels, I just need a tip in how to calculate or obtain the bytes Tx and Rx. I can obtain packets and Octets amounts but not actual bytes. Is there another OID I should be inquiring?

In regard to Remote Access I found the CRASSessionTable From here I can obtain the Group associated with the tunnel and I should be able to obtain the User name through the OID, but I'm getting an UnSupported response when querying this particular OID.

Anyone knows what OID can provide the User name?

I know that Cisco Performance Monitor can in fact obtain all that info from the ASA so there must be an appropriate OID I can query to obtain this particular info.

Many Thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cbulleri Mon, 09/29/2008 - 08:45
User Badges:

You are correct, that is the OID that should contain the User name, but when I querie it I get and OID unsupported response.

Is there a problem with the IOS version? Or an I missing something else?

merabtavart Fri, 07/22/2011 - 02:09
User Badges:


Advantage   of VPNTTG over other SNMP based monitoring software’s is  following:   Other (commonly used) software’s are working with static OID  numbers,   i.e. whenever tunnel disconnects and reconnects, it gets  assigned a  new  OID number. This means that the historical data, gathered  on the   connection, is lost each time. However, VPNTTG works with VPN  peer’s  IP  address and it stores for each VPN tunnel historical  monitoring  data  into the SQL server and into the RRD (Round Robin  Database) file.



This Discussion