cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2515
Views
20
Helpful
12
Replies

net-snmp

raindrop18
Level 1
Level 1

I have a question related to mib information from Cisco ASA. I am trying to pull current active users from ASA through snmpwalk and I am using "snmpwalk -v 2c -c XXXX 10.1.0.1 1.3.6.1.4.1.9.9.171.1.2.3.1.7

and I got list of ip address, is this really active users? and what is the the diff between active connections/session and active users? even though my question is not related to CW but related to network management. any information highly appreciated.

12 Replies 12

Joe Clarke
Cisco Employee
Cisco Employee

This object is cikeTunRemoteValue which is a unique identifier of the remote tunnel peer. It is typically an IP address, but can also be a hostname.

Typically an active session is the same as an active user. That is, a user is associated with one active session.

thanks a lot, the reason I am confused we are monitoring ASA using cacti and template on cacti display active connections/sessions close to 498 but when I run snmpwalk -v 2c -c XXXX 10.161.10.253 1.3.6.1.4.1.9.9.171.1.2.3.1.7

I got 78 ip address. so this is big difference. what's your recommendation which mib is able to pull SSL users from ASA. may be the mib on cacti outdated or something, because I don't think we have 498 connection.

Thanks again!

What object you are currently tracking with cacti? It seems to me that if you wanted to know the total of active phase 2 tunnels, you should be using cipSecGlobalActiveTunnels.

this is the object cacti tracking currently "1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6" and result is wrong. may be I need to change this OID to cipSecGlobalActiveTunnels? to see the remote users. may be cacti result is transposed the total session and the remote session?

That object may be deprecated I believe.

Regarding SSL values over snmp for the sessions:

I had our asa team to file CSCso02912 Session MIB to mirror sh vpn-sessiondb summary Active / Session Info

You can use this for the SSL values. The result of this enhancement bug was the following objects:

This is an enhancement. Added new MIB objects:

crasEmailNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 23 )

crasEmailCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 24 )

crasEmailPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 25 )

crasIPSecNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 26 )

crasIPSecCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 27 )

crasIPSecPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 28)

crasL2LNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 29 )

crasL2LCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 30 )

crasL2LPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 31 )

crasLBNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 32 )

crasLBCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 33 )

crasLBPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 34 )

crasSVCNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 35 )

crasSVCCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 36 )

crasSVCPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 37)

crasWebvpnNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 38 )

crasWebvpnCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 39 )

crasWebvpnPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 40 )

to CISCO-REMOTE-ACCESS-MONITOR mib to provide sesssion

statistics info. Such the snmp walk

of this mib could get info align with "show vpn-sessiondb"

thanks a lot Sir, so which one is for active SSL users? my ipsec traffic working ok, crucially I need the result of active ssl users. thanks again for your expertise and help!!

I would suggest the webvpn and SVC.

I suggest you to do an snmpwalk and see the results.

They will be matching the show vpn sessiondb command.

rasSVCNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 35 )

crasSVCCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 36 )

crasSVCPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 37)

crasWebvpnNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 38 )

crasWebvpnCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 39 )

crasWebvpnPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 40 )

hello,

do you have ths SSL OIDS for cisco 2800 series?

thanks

Lucien Avramov
Level 10
Level 10

What users on the ASA?

What show command do you use on the CLI?

show vpn-sessiondb?

I got this error when I use the oid you listed here

snmpwalk -v 2c -c XXXX 10.167.10.253 .1.3.6.1.4.1.9.9.392.1.3.23

the result is

no MIB objects contained under subtree.

do you have any idea? thanks again!

You probably dont have currently active Email proxy sessions, hence that is what is returned.

I suggest you walk 1.3.6.1.4.1.9.9.392.1 and then look at the entries you get and compare them to the show command so you understand who is who.

thanks, actually the one Mr Clark gave me working exactly what I want "cipSecGlobalActiveTunnels.1.3.6.1.4.1.9.9.171.1.3.1.1" you guys have other OID option on this category? Thank you so very much for you great help!!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: