Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1285
Views
0
Helpful
6
Replies

Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Go to solution
jrmalmeida
Level 1
Level 1

‎10-01-2009 07:39 AM

Hi all!

We have VPN Tunnel's lan-to-lan, between our branch and central site.

We need an IOD to report when a VPN tunnel (connection) down.

This OID: 1.3.6.1.4.1.9.9.171.1.3.1.30, returns the following:

snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30

SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0

snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30

SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0

This 0 number (Counter32: 0) means that all VPN's are active? there was no fall?

This OID serves just what we need?

Details of the OID:

Object: cipSecGlobalSysCapFails

OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Type: Counter32

MIB: CISCO-IPSEC-FLOW-MONITOR-MIB

Description: The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels

Apreciatte any help.

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to jrmalmeida

‎10-02-2009 09:46 AM

No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎10-01-2009 10:34 AM

This object only shows you one type of tunnel failure. If you want to get a total count of all failures, you need to sum up:

cipSecGlobalInAuthFails

cipSecGlobalOutAuthFails

cipSecGlobalOutEncryptFails

cipSecGlobalProtocolUseFails

cipSecGlobalNoSaFails

cipSecGlobalSysCapFails

0 Helpful

Go to solution
jrmalmeida
Level 1
Level 1
In response to Joe Clarke

‎10-01-2009 12:30 PM

Hi jclarke!

Thanks for the feedback.

This OID's report VPN connections that failed?

For example: I have several VPN connections established in a L2L link, if it falls some connection, I will be informed (with this OID)?

Which of these OID's you recommend I use?

Thak you very much.

Jose Roberto

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to jrmalmeida

‎10-01-2009 12:38 PM

Each of these OIDs track a global IP Sec Phase 2 session failure. If that's what you want to track, then each of these OIDs are required to get the complete count of failures.

0 Helpful

Go to solution
jrmalmeida
Level 1
Level 1
In response to Joe Clarke

‎10-02-2009 04:26 AM

But this OID's are used for connections that are already established? Or they only inform connections that are under negotiation to establish the tunnel?

Thank you.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to jrmalmeida

‎10-02-2009 09:46 AM

No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.

0 Helpful

Go to solution
jrmalmeida
Level 1
Level 1
In response to Joe Clarke

‎10-02-2009 11:29 AM

Hi jclarke!

Thank you very much for the help!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents