OID (MIB) for ASA client and site-to-site sessions

Unanswered Question
Jun 26th, 2009

Hi,


I have been trying to find the correct OID to display current site-to-site sessions on our ASA. I have the OID to display the total number of VPNs (client and site-to-site) and the OID for just clients, but can't find one to display just the site-to-site connections.


Also, has anyone ever managed to use an OID to display the client usernames connected over VPN to the ASA?

robertson.michael Mon, 06/29/2009 - 06:09

Hi Andy,


I'm using SNMP to monitor the status of my site-to-site VPNs. I do an snmpwalk on 1.3.6.1.4.1.9.9.171.1.3.2.1.5. This will return a list of hex values which represent the endpoint addresses of the site-to-site tunnels (i.e. C0A80101 = 192.168.1.1). I then use this list to find the index of the tunnel I want to look at and get 1.3.6.1.4.1.9.9.171.1.3.2.1.3. to see the status of the tunnel.


This method is not the most elegant, but it works and I do not believe there is another way (if there is I would love to hear it).


As far as I know, there is no OID to get the remote client's username. You could, however, probably use an expect script to accomplish something like that.


Hope that helps.


-Mike
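
The lookup described in the reply above, as an added example that is not part of the original thread: it parses saved `snmpwalk` output for the peer-address column, decodes the hex values to IPv4 addresses, and returns the status OID(s) to query for a given peer. The sample walk output, the index values and the function names are constructed for illustration, and the net-snmp `-On` `Hex-STRING` output format is an assumption.

```python
import ipaddress
import re

# Column OIDs taken from the reply above; the row index is the last sub-identifier.
PEER_ADDR_COLUMN = "1.3.6.1.4.1.9.9.171.1.3.2.1.5"
STATUS_COLUMN = "1.3.6.1.4.1.9.9.171.1.3.2.1.3"

# Constructed sample in the shape of net-snmp `snmpwalk -On` output (not from a real device).
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.4097 = Hex-STRING: C0 A8 01 01
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.8193 = Hex-STRING: 0A 14 1E 28
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.12289 = Hex-STRING: C0 A8 01 01
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.16385 = STRING: "garbled"
"""

_LINE = re.compile(
    r"^\.?" + re.escape(PEER_ADDR_COLUMN)
    + r"\.(\d+)\s*=\s*Hex-STRING:\s*((?:[0-9A-Fa-f]{2}\s*)+)$"
)


def hex_to_ipv4(hex_value):
    """Decode a 4-octet hex string such as 'C0A80101' or 'C0 A8 01 01'."""
    raw = bytes.fromhex("".join(hex_value.split()))
    if len(raw) != 4:
        raise ValueError("expected 4 octets, got %d" % len(raw))
    return str(ipaddress.IPv4Address(raw))


def peers_by_index(walk_text):
    """Map each peer IP to the list of table indexes it currently occupies."""
    peers = {}
    for line in walk_text.splitlines():
        match = _LINE.match(line.strip())
        if not match:
            continue  # not a hex-encoded row of the peer-address column
        try:
            peer = hex_to_ipv4(match.group(2))
        except ValueError:
            continue  # value is not a 4-octet address
        peers.setdefault(peer, []).append(int(match.group(1)))
    return peers


def status_oids(walk_text, peer_ip):
    """Return the status OIDs to snmpget for one peer; empty if it has no rows."""
    return ["%s.%d" % (STATUS_COLUMN, i) for i in peers_by_index(walk_text).get(peer_ip, [])]
```

An empty list from `status_oids` means the peer address was not present in the walk, which a monitoring check can treat as its own condition rather than as a failed `snmpget`.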

merabtavart Fri, 07/22/2011 - 02:14

Hi Andy,


Check

http://www.vpnttg.com/


The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and for each VPN tunnel it stores historical monitoring data in the SQL server and in the RRD (Round Robin Database) file.


HTH
