Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1093
Views
0
Helpful
1
Replies

ASA IPSec traps

mo_sjones
Level 1
Level 1

‎11-12-2013 04:42 AM

Hi,

I'm trying to report on meaningful IPSecTunnelStop/Start traps from our ASA5540 & 5580 so our nms can report more indepth tunnel alerts. As far as I can see, the correct MIB (CISCO-IPSEC-FLOW-MONITOR-MIB.my) is loaded on our nms (Zenoss).  But, when we initiate a tunnel drop we receive a trap from the ASA that the NMS doesn't know, so classes the trap as 'Unknown' :

Resource:<dev name>
Component:
Event Class:/Unknown
Status:New
Message:snmp trap ciscoMgmt.171.2.8

The trap we should be seeing when the tunnel drops, or at least what's in the IPSEC-FLOW mib is ciscoMgmt.171.2.0.8 :

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.171.2.0.8

I've been unsucessful in finding these 171.2.0.x OIDs, does anyone have any idea why the ASA would be sending these traps?

The ASAs are running 8.2(5)

Thanks

sjones

Labels:
0 Helpful
1 Reply 1

Chris McGarrah
Level 1
Level 1

‎11-14-2013 10:47 AM

Is it possible that the trap is being sourced from a different interface on the ASA than the one by which your NMS "knows" the ASA ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents