Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Hi all!

We have VPN Tunnel's lan-to-lan, between our branch and central site.

We need an IOD to report when a VPN tunnel (connection) down.

This OID: 1.3.6.1.4.1.9.9.171.1.3.1.30, returns the following:

snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30

SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0

snmpwalk -v 2c -c 'xxxx' 192.168.165.3 1.3.6.1.4.1.9.9.171.1.3.1.30

SNMPv2-SMI::enterprises.9.9.171.1.3.1.30.0 = Counter32: 0

This 0 number (Counter32: 0) means that all VPN's are active? there was no fall?

This OID serves just what we need?

Details of the OID:

Object: cipSecGlobalSysCapFails

OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Type: Counter32

MIB: CISCO-IPSEC-FLOW-MONITOR-MIB

Description: The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels

Apreciatte any help.

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.

6 REPLIES
Cisco Employee

Re: Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

This object only shows you one type of tunnel failure. If you want to get a total count of all failures, you need to sum up:

cipSecGlobalInAuthFails

cipSecGlobalOutAuthFails

cipSecGlobalOutEncryptFails

cipSecGlobalProtocolUseFails

cipSecGlobalNoSaFails

cipSecGlobalSysCapFails

New Member

Re: Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Hi jclarke!

Thanks for the feedback.

This OID's report VPN connections that failed?

For example: I have several VPN connections established in a L2L link, if it falls some connection, I will be informed (with this OID)?

Which of these OID's you recommend I use?

Thak you very much.

Jose Roberto

Cisco Employee

Re: Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Each of these OIDs track a global IP Sec Phase 2 session failure. If that's what you want to track, then each of these OIDs are required to get the complete count of failures.

New Member

Re: Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

But this OID's are used for connections that are already established? Or they only inform connections that are under negotiation to establish the tunnel?

Thank you.

Cisco Employee

Re: Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

No, these are total global stats for all phase 2 associations. They cover any associated error with a phase 2 tunnel establishment. This would mean that currently established tunnels as well as those which failed to establish would be counted.

New Member

Re: Help with this OID: 1.3.6.1.4.1.9.9.171.1.3.1.30

Hi jclarke!

Thank you very much for the help!

249
Views
0
Helpful
6
Replies