10-27-2009 09:52 AM
I have a question related to MIB information from the Cisco ASA. I am trying to pull the current active users from the ASA through snmpwalk, using "snmpwalk -v 2c -c XXXX 10.1.0.1 1.3.6.1.4.1.9.9.171.1.2.3.1.7",
and I got a list of IP addresses. Are these really the active users? And what is the difference between active connections/sessions and active users? Even though my question is not related to CW, it is related to network management. Any information is highly appreciated.
10-27-2009 09:58 AM
This object is cikeTunRemoteValue which is a unique identifier of the remote tunnel peer. It is typically an IP address, but can also be a hostname.
Typically an active session is the same as an active user. That is, a user is associated with one active session.
10-27-2009 11:10 AM
Thanks a lot. The reason I am confused is that we are monitoring the ASA using Cacti, and the template on Cacti displays active connections/sessions close to 498, but when I run snmpwalk -v 2c -c XXXX 10.161.10.253 1.3.6.1.4.1.9.9.171.1.2.3.1.7
I get 78 IP addresses, so this is a big difference. What's your recommendation for which MIB is able to pull SSL users from the ASA? Maybe the MIB on Cacti is outdated or something, because I don't think we have 498 connections.
Thanks again!
10-27-2009 11:16 AM
What object are you currently tracking with Cacti? It seems to me that if you wanted to know the total of active phase 2 tunnels, you should be using cipSecGlobalActiveTunnels.
10-27-2009 11:32 AM
This is the object Cacti is tracking currently: "1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6", and the result is wrong. Maybe I need to change this OID to cipSecGlobalActiveTunnels to see the remote users? Maybe the Cacti result has transposed the total sessions and the remote sessions?
10-27-2009 11:31 AM
That object may be deprecated I believe.
Regarding SSL values over snmp for the sessions:
I had our ASA team file CSCso02912, "Session MIB to mirror sh vpn-sessiondb summary Active / Session Info".
You can use this for the SSL values. The result of this enhancement bug was the following objects:
This is an enhancement. Added new MIB objects:
crasEmailNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.23)
crasEmailCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.24)
crasEmailPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.25)
crasIPSecNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.26)
crasIPSecCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.27)
crasIPSecPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.28)
crasL2LNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.29)
crasL2LCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.30)
crasL2LPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.31)
crasLBNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.32)
crasLBCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.33)
crasLBPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.34)
crasSVCNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.35)
crasSVCCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.36)
crasSVCPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.37)
crasWebvpnNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.38)
crasWebvpnCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.39)
crasWebvpnPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.40)
to the CISCO-REMOTE-ACCESS-MONITOR MIB to provide session statistics info, such that an snmpwalk of this MIB returns info aligned with "show vpn-sessiondb".
10-27-2009 11:57 AM
Thanks a lot, Sir. So which one is for active SSL users? My IPsec traffic is working OK; crucially, I need the result for active SSL users. Thanks again for your expertise and help!!
10-27-2009 01:51 PM
I would suggest the WebVPN and SVC ones.
I suggest you do an snmpwalk and see the results.
They will match the show vpn sessiondb command.
crasSVCNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.35)
crasSVCCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.36)
crasSVCPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.37)
crasWebvpnNumSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.38)
crasWebvpnCumulateSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.39)
crasWebvpnPeakConcurrentSessions (OID: 1.3.6.1.4.1.9.9.392.1.3.40)
11-11-2009 02:49 AM
Hello,
do you have the SSL OIDs for the Cisco 2800 series?
Thanks
10-27-2009 10:01 AM
What users on the ASA?
What show command do you use on the CLI?
show vpn-sessiondb?
10-27-2009 01:49 PM
I got this error when I used the OID you listed here:
snmpwalk -v 2c -c XXXX 10.167.10.253 .1.3.6.1.4.1.9.9.392.1.3.23
The result is:
no MIB objects contained under subtree.
Do you have any idea? Thanks again!
10-27-2009 02:53 PM
You probably don't have any currently active Email proxy sessions, hence that is what is returned.
I suggest you walk 1.3.6.1.4.1.9.9.392.1 and then look at the entries you get and compare them to the show command so you understand who is who.
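The walk-and-compare step suggested in the reply above, as an added example that is not part of the original thread: it labels numeric `snmpwalk -On` output with the object names listed earlier (sub-identifiers 23 to 40) so each line can be checked against "show vpn-sessiondb". The function names, the sample output and the idea of summing the SVC and WebVPN counts are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Label numeric snmpwalk output with the object names listed in this thread.
# Against a device (host is a placeholder, community masked as in the thread):
#   snmpwalk -v 2c -c XXXX -On <asa-host> 1.3.6.1.4.1.9.9.392.1.3 | label_cras

label_cras() {
  awk '
    BEGIN {
      base = ".1.3.6.1.4.1.9.9.392.1.3."
      # Sub-identifiers 23..40, in the order the thread lists them.
      nk = split("Email IPSec L2L LB SVC Webvpn", kind, " ")
      ns = split("NumSessions CumulateSessions PeakConcurrentSessions", stat, " ")
      id = 23
      for (k = 1; k <= nk; k++)
        for (s = 1; s <= ns; s++)
          name[id++] = "cras" kind[k] stat[s]
    }
    # Expected line shape: .1.3.6.1.4.1.9.9.392.1.3.35.0 = Gauge32: 12
    # Lines without a numeric value (for example "No Such Object") are skipped.
    index($1, base) == 1 && $NF ~ /^[0-9]+$/ {
      split(substr($1, length(base) + 1), part, ".")
      if (part[1] in name) print name[part[1]], $NF
    }'
}

# Assumption: a session is counted under SVC or WebVPN, not both.
ssl_sessions() {
  awk '$1 == "crasSVCNumSessions" || $1 == "crasWebvpnNumSessions" { t += $2 }
       END { print t + 0 }'
}

# Constructed sample of "snmpwalk -On" output (values and types are made up).
sample_walk() {
  cat <<'EOF'
.1.3.6.1.4.1.9.9.392.1.3.1.0 = Gauge32: 97
.1.3.6.1.4.1.9.9.392.1.3.23.0 = No Such Object available on this agent at this OID
.1.3.6.1.4.1.9.9.392.1.3.26.0 = Gauge32: 78
.1.3.6.1.4.1.9.9.392.1.3.35.0 = Gauge32: 12
.1.3.6.1.4.1.9.9.392.1.3.36.0 = Counter32: 340
.1.3.6.1.4.1.9.9.392.1.3.38.0 = Gauge32: 7
EOF
}

sample_walk | label_cras
echo "active SSL sessions: $(sample_walk | label_cras | ssl_sessions)"
```
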
10-28-2009 08:18 AM
Thanks, actually the one Mr Clark gave me is working exactly the way I want: "cipSecGlobalActiveTunnels.1.3.6.1.4.1.9.9.171.1.3.1.1". Do you guys have other OID options in this category? Thank you so very much for your great help!!!