Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

net-snmp

I have a question related to mib information from Cisco ASA. I am trying to pull current active users from ASA through snmpwalk and I am using "snmpwalk -v 2c -c XXXX 10.1.0.1 1.3.6.1.4.1.9.9.171.1.2.3.1.7

and I got list of ip address, is this really active users? and what is the the diff between active connections/session and active users? even though my question is not related to CW but related to network management. any information highly appreciated.

12 REPLIES
Cisco Employee

Re: net-snmp

This object is cikeTunRemoteValue which is a unique identifier of the remote tunnel peer. It is typically an IP address, but can also be a hostname.

Typically an active session is the same as an active user. That is, a user is associated with one active session.

Community Member

Re: net-snmp

thanks a lot, the reason I am confused we are monitoring ASA using cacti and template on cacti display active connections/sessions close to 498 but when I run snmpwalk -v 2c -c XXXX 10.161.10.253 1.3.6.1.4.1.9.9.171.1.2.3.1.7

I got 78 ip address. so this is big difference. what's your recommendation which mib is able to pull SSL users from ASA. may be the mib on cacti outdated or something, because I don't think we have 498 connection.

Thanks again!

Cisco Employee

Re: net-snmp

What object you are currently tracking with cacti? It seems to me that if you wanted to know the total of active phase 2 tunnels, you should be using cipSecGlobalActiveTunnels.

Community Member

Re: net-snmp

this is the object cacti tracking currently "1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6" and result is wrong. may be I need to change this OID to cipSecGlobalActiveTunnels? to see the remote users. may be cacti result is transposed the total session and the remote session?

Re: net-snmp

That object may be deprecated I believe.

Regarding SSL values over snmp for the sessions:

I had our asa team to file CSCso02912 Session MIB to mirror sh vpn-sessiondb summary Active / Session Info

You can use this for the SSL values. The result of this enhancement bug was the following objects:

This is an enhancement. Added new MIB objects:

crasEmailNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 23 )

crasEmailCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 24 )

crasEmailPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 25 )

crasIPSecNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 26 )

crasIPSecCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 27 )

crasIPSecPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 28)

crasL2LNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 29 )

crasL2LCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 30 )

crasL2LPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 31 )

crasLBNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 32 )

crasLBCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 33 )

crasLBPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 34 )

crasSVCNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 35 )

crasSVCCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 36 )

crasSVCPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 37)

crasWebvpnNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 38 )

crasWebvpnCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 39 )

crasWebvpnPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 40 )

to CISCO-REMOTE-ACCESS-MONITOR mib to provide sesssion

statistics info. Such the snmp walk

of this mib could get info align with "show vpn-sessiondb"

Community Member

Re: net-snmp

thanks a lot Sir, so which one is for active SSL users? my ipsec traffic working ok, crucially I need the result of active ssl users. thanks again for your expertise and help!!

Re: net-snmp

I would suggest the webvpn and SVC.

I suggest you to do an snmpwalk and see the results.

They will be matching the show vpn sessiondb command.

rasSVCNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 35 )

crasSVCCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 36 )

crasSVCPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 37)

crasWebvpnNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 38 )

crasWebvpnCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 39 )

crasWebvpnPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 40 )

Community Member

Re: net-snmp

hello,

do you have ths SSL OIDS for cisco 2800 series?

thanks

Re: net-snmp

What users on the ASA?

What show command do you use on the CLI?

show vpn-sessiondb?

Community Member

Re: net-snmp

I got this error when I use the oid you listed here

snmpwalk -v 2c -c XXXX 10.167.10.253 .1.3.6.1.4.1.9.9.392.1.3.23

the result is

no MIB objects contained under subtree.

do you have any idea? thanks again!

Re: net-snmp

You probably dont have currently active Email proxy sessions, hence that is what is returned.

I suggest you walk 1.3.6.1.4.1.9.9.392.1 and then look at the entries you get and compare them to the show command so you understand who is who.

Community Member

Re: net-snmp

thanks, actually the one Mr Clark gave me working exactly what I want "cipSecGlobalActiveTunnels.1.3.6.1.4.1.9.9.171.1.3.1.1" you guys have other OID option on this category? Thank you so very much for you great help!!!

1484
Views
20
Helpful
12
Replies
CreatePlease to create content