Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3097
Views
0
Helpful
4
Replies

Check concurrent VPN connections with SNMP

Go to solution
farkascsgy
Level 4
Level 4

‎06-21-2006 12:40 AM

Hi All,

I have two cisco 2800 routers and they are work as VPN router, terminated on them both static and dynamic VPN-s. IOS: C2801-ADVSECURITYK9-M, 12.4(7). I would like monitor the conncurent crypto session with SNMP. I need just a number of connections, but I couldn't find any SNMP query for this. If you know some solution for my issue please answer.

Thanks in advance,

FCS

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ewelz
Level 1
Level 1
In response to farkascsgy

‎06-22-2006 09:57 AM

Hmmm... First try using snmpget to the .0 sub-object instead of snmpwalk.

for example:

snmpget -c community -v version 10.x.x.x cikeGlobalActiveTunnels.0

If it still doesn't work, try using the numeric representation of the OID instead of the textual. They are as follows.

cikeGlobalActiveTunnels - .1.3.6.1.4.1.9.9.171.1.2.1.1.0

cipSecGlobalActiveTunnels -

.1.3.6.1.4.1.9.9.171.1.3.1.1.0

If it still doesn't work, try to walk the following object:

.1.3.6.1.4.1.9.9.171

This will tell you if you have an IPSEC flow monitor MIB available at all in your IOS. I have never used this MIB in the 2800 myself, so I can't be sure that it exists, but it seems that it should.

Best to you,

E

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ewelz
Level 1
Level 1

‎06-21-2006 05:51 AM

There are 2 SNMP objects which can help you. From CISCO-IPSEC-FLOW-MONITOR-MIB.my, there is an object named cikeGlobalActiveTunnels which returns "The number of currently active IPsec Phase-1 IKE Tunnels." For phase-2 tunnels, from the same MIB you can use cipSecGlobalActiveTunnels, which is "The total number of currently active IPsec Phase-2 Tunnels."

If you need the MIB file, you can get it here:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

0 Helpful

Go to solution
farkascsgy
Level 4
Level 4
In response to ewelz

‎06-22-2006 06:26 AM

When I try to query the MIB I got the answer that the object is not available. IOS is C2801-ADVSECURITYK9-M, 12.4(7) and I use snmpwalk for query

snmpwalk -v2c -c communty -m cikeGlobalActiveTunnels 10.x.x.x

What can be the problem?

Bye

FCS

0 Helpful

Go to solution
ewelz
Level 1
Level 1
In response to farkascsgy

‎06-22-2006 09:57 AM

Hmmm... First try using snmpget to the .0 sub-object instead of snmpwalk.

for example:

snmpget -c community -v version 10.x.x.x cikeGlobalActiveTunnels.0

If it still doesn't work, try using the numeric representation of the OID instead of the textual. They are as follows.

cikeGlobalActiveTunnels - .1.3.6.1.4.1.9.9.171.1.2.1.1.0

cipSecGlobalActiveTunnels -

.1.3.6.1.4.1.9.9.171.1.3.1.1.0

If it still doesn't work, try to walk the following object:

.1.3.6.1.4.1.9.9.171

This will tell you if you have an IPSEC flow monitor MIB available at all in your IOS. I have never used this MIB in the 2800 myself, so I can't be sure that it exists, but it seems that it should.

Best to you,

E

0 Helpful

Go to solution
farkascsgy
Level 4
Level 4
In response to ewelz

‎06-22-2006 10:59 PM

Thanks, with OID it works. I can query the number of connections.

bye

FCS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents