
OID (MIB) for ASA client and site-to-site sessions

whiteford
Level 1

Hi,

I have been trying to find the correct OID to display current site-to-site sessions on our ASA. I have the OID to display the total number of VPNs (client and site-to-site) and the OID for just clients, but can't find one to display just the site-to-site connections.

Also, has anyone ever managed to use an OID to display the client usernames connected over VPN to the ASA?

3 Replies

Hi Andy,

I'm using SNMP to monitor the status of my site-to-site VPNs. I do an snmpwalk on 1.3.6.1.4.1.9.9.171.1.3.2.1.5. This will return a list of hex values which represent the endpoint addresses of the site-to-site tunnels (i.e. C0A80101 = 192.168.1.1). I then use this list to find the index of the tunnel I want to look at and get 1.3.6.1.4.1.9.9.171.1.3.2.1.3. to see the status of the tunnel.

This method is not the most elegant, but it works and I do not believe there is another way (if there is I would love to hear it).

As far as I know, there is no OID to get the remote client's username. You could, however, probably use an expect script to accomplish something like that.

Hope that helps.

-Mike
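The lookup described in the reply above, written as a script. This is an added example, not code from the original post: it assumes the walk output uses net-snmp style numeric rows with a `Hex-STRING:` value (or bare hex as in `C0A80101`), the sample rows are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# OIDs quoted in the post; the last number of each returned row is the tunnel index.
PEER_ADDR_OID = "1.3.6.1.4.1.9.9.171.1.3.2.1.5"
STATUS_OID = "1.3.6.1.4.1.9.9.171.1.3.2.1.3"

# Assumed row shape: "<oid>.<index> = Hex-STRING: C0 A8 01 01" (or bare C0A80101).
ROW = re.compile(
    r"^\.?" + re.escape(PEER_ADDR_OID)
    + r"\.(\d+)\s*=\s*(?:Hex-STRING:\s*)?([0-9A-Fa-f ]+?)\s*$"
)

# Constructed sample walk output, not captured from a real device.
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.4096 = Hex-STRING: C0 A8 01 01
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.8192 = Hex-STRING: 0A 00 00 02
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.12288 = C0A80101
.1.3.6.1.4.1.9.9.171.1.3.2.1.5.16384 = Hex-STRING: C0 A8 01
"""

def parse_peer_walk(text):
    """Return {tunnel_index: peer_ip} from a walk of PEER_ADDR_OID."""
    peers = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # unrelated OID, blank line, or non-hex value
        try:
            raw = bytes.fromhex(m.group(2).replace(" ", ""))
        except ValueError:
            continue  # odd number of hex digits
        if len(raw) != 4:
            continue  # not an IPv4 address
        peers[int(m.group(1))] = str(ipaddress.IPv4Address(raw))
    return peers

def status_oids_by_peer(text):
    """Return {peer_ip: [status OIDs to GET]}, keeping every index seen for a peer."""
    out = {}
    for idx, ip in sorted(parse_peer_walk(text).items()):
        out.setdefault(ip, []).append(f"{STATUS_OID}.{idx}")
    return out

if __name__ == "__main__":
    for ip, oids in status_oids_by_peer(SAMPLE_WALK).items():
        print(ip, *oids)
```

Resolve the index on every poll and store results under the peer IP rather than the index; a later reply in this thread says the index changes when a tunnel reconnects.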

Exactly what I was looking for. Thanks. Works perfectly on ASA5505 version 9.1(7)32 but does not work for an ASA5512x virtual instance (context) version 9.8(2)24. The context SNMP data comes back with status for only 1 of the two tunnels.


merabtavart
Level 1

Hi Andy,

Check

http://www.vpnttg.com/

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and it stores historical monitoring data for each VPN tunnel in the SQL server and in the RRD (Round Robin Database) file.

HTH
