10-01-2009 07:39 AM
Hi all!
We have VPN Tunnel's lan-to-lan, between our branch and central site.
We need an IOD to report when a VPN tunnel (connection) down.
This OID: 1.3.6.1.4.1.9.9.171.1.3.1.30, returns the following:
snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30
SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0
snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30
SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0
This 0 number (Counter32: 0) means that all VPN's are active? there was no fall?
This OID serves just what we need?
Details of the OID:
Object: cipSecGlobalSysCapFails
OID: 1.3.6.1.4.1.9.9.171.1.3.1.30
Type: Counter32
MIB: CISCO-IPSEC-FLOW-MONITOR-MIB
Description: The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels
Apreciatte any help.
Thank you.
Solved! Go to Solution.
10-02-2009 09:46 AM
No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.
10-01-2009 10:34 AM
This object only shows you one type of tunnel failure. If you want to get a total count of all failures, you need to sum up:
cipSecGlobalInAuthFails
cipSecGlobalOutAuthFails
cipSecGlobalOutEncryptFails
cipSecGlobalProtocolUseFails
cipSecGlobalNoSaFails
cipSecGlobalSysCapFails
10-01-2009 12:30 PM
Hi jclarke!
Thanks for the feedback.
This OID's report VPN connections that failed?
For example: I have several VPN connections established in a L2L link, if it falls some connection, I will be informed (with this OID)?
Which of these OID's you recommend I use?
Thak you very much.
Jose Roberto
10-01-2009 12:38 PM
Each of these OIDs track a global IP Sec Phase 2 session failure. If that's what you want to track, then each of these OIDs are required to get the complete count of failures.
10-02-2009 04:26 AM
But this OID's are used for connections that are already established? Or they only inform connections that are under negotiation to establish the tunnel?
Thank you.
10-02-2009 09:46 AM
No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.
10-02-2009 11:29 AM
Hi jclarke!
Thank you very much for the help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide