06-21-2006 12:40 AM
Hi All,
I have two cisco 2800 routers and they are work as VPN router, terminated on them both static and dynamic VPN-s. IOS: C2801-ADVSECURITYK9-M, 12.4(7). I would like monitor the conncurent crypto session with SNMP. I need just a number of connections, but I couldn't find any SNMP query for this. If you know some solution for my issue please answer.
Thanks in advance,
FCS
Solved! Go to Solution.
06-22-2006 09:57 AM
Hmmm... First try using snmpget to the .0 sub-object instead of snmpwalk.
for example:
snmpget -c community -v version 10.x.x.x cikeGlobalActiveTunnels.0
If it still doesn't work, try using the numeric representation of the OID instead of the textual. They are as follows.
cikeGlobalActiveTunnels - .1.3.6.1.4.1.9.9.171.1.2.1.1.0
cipSecGlobalActiveTunnels -
.1.3.6.1.4.1.9.9.171.1.3.1.1.0
If it still doesn't work, try to walk the following object:
.1.3.6.1.4.1.9.9.171
This will tell you if you have an IPSEC flow monitor MIB available at all in your IOS. I have never used this MIB in the 2800 myself, so I can't be sure that it exists, but it seems that it should.
Best to you,
E
06-21-2006 05:51 AM
There are 2 SNMP objects which can help you. From CISCO-IPSEC-FLOW-MONITOR-MIB.my, there is an object named cikeGlobalActiveTunnels which returns "The number of currently active IPsec Phase-1 IKE Tunnels." For phase-2 tunnels, from the same MIB you can use cipSecGlobalActiveTunnels, which is "The total number of currently active IPsec Phase-2 Tunnels."
If you need the MIB file, you can get it here:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
06-22-2006 06:26 AM
When I try to query the MIB I got the answer that the object is not available. IOS is C2801-ADVSECURITYK9-M, 12.4(7) and I use snmpwalk for query
snmpwalk -v2c -c communty -m cikeGlobalActiveTunnels 10.x.x.x
What can be the problem?
Bye
FCS
06-22-2006 09:57 AM
Hmmm... First try using snmpget to the .0 sub-object instead of snmpwalk.
for example:
snmpget -c community -v version 10.x.x.x cikeGlobalActiveTunnels.0
If it still doesn't work, try using the numeric representation of the OID instead of the textual. They are as follows.
cikeGlobalActiveTunnels - .1.3.6.1.4.1.9.9.171.1.2.1.1.0
cipSecGlobalActiveTunnels -
.1.3.6.1.4.1.9.9.171.1.3.1.1.0
If it still doesn't work, try to walk the following object:
.1.3.6.1.4.1.9.9.171
This will tell you if you have an IPSEC flow monitor MIB available at all in your IOS. I have never used this MIB in the 2800 myself, so I can't be sure that it exists, but it seems that it should.
Best to you,
E
06-22-2006 10:59 PM
Thanks, with OID it works. I can query the number of connections.
bye
FCS
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: