Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Answered Question
Oct 1st, 2009
User Badges:

Hi all!


We have VPN Tunnel's lan-to-lan, between our branch and central site.

We need an IOD to report when a VPN tunnel (connection) down.

This OID: 1.3.6.1.4.1.9.9.171.1.3.1.30, returns the following:

snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30

SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0

snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30

SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0


This 0 number (Counter32: 0) means that all VPN's are active? there was no fall?

This OID serves just what we need?


Details of the OID:

Object: cipSecGlobalSysCapFails

OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Type: Counter32

MIB: CISCO-IPSEC-FLOW-MONITOR-MIB

Description: The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels


Apreciatte any help.

Thank you.

Correct Answer by Joe Clarke about 7 years 7 months ago

No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joe Clarke Thu, 10/01/2009 - 10:34
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This object only shows you one type of tunnel failure. If you want to get a total count of all failures, you need to sum up:


cipSecGlobalInAuthFails

cipSecGlobalOutAuthFails

cipSecGlobalOutEncryptFails

cipSecGlobalProtocolUseFails

cipSecGlobalNoSaFails

cipSecGlobalSysCapFails

jrmalmeida Thu, 10/01/2009 - 12:30
User Badges:

Hi jclarke!


Thanks for the feedback.


This OID's report VPN connections that failed?

For example: I have several VPN connections established in a L2L link, if it falls some connection, I will be informed (with this OID)?

Which of these OID's you recommend I use?


Thak you very much.


Jose Roberto

Joe Clarke Thu, 10/01/2009 - 12:38
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Each of these OIDs track a global IP Sec Phase 2 session failure. If that's what you want to track, then each of these OIDs are required to get the complete count of failures.

jrmalmeida Fri, 10/02/2009 - 04:26
User Badges:

But this OID's are used for connections that are already established? Or they only inform connections that are under negotiation to establish the tunnel?


Thank you.

Correct Answer
Joe Clarke Fri, 10/02/2009 - 09:46
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.

Actions

This Discussion