cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3716
Views
0
Helpful
2
Replies

Using SNMP to monitor bandwidth utilization history on Cisco ASA tunnels

cchughes
Level 1
Level 1

I had this working... I thought. I matched the traffic statistics on one of my Cisco ASA site-site tunnels with the OID:1.3.6.1.4.1.9.9.171.1.4.3.1.1.25.4142 (cipSecTunHistInOctets). I was real proud of myself for a few days until I checked the history and found the OID wasnt working..

After some troubleshooting I found that the last four digits (4142 in this case) change whenever the tunnel drops and re-establishes itself.

Has anyone managed to figure out a way to collect tunnel utilization history on an ASA with SNMP? Is there a different OID I can use thats based on the endpoint IP?

...

2 Replies 2

jsivulka
Level 5
Level 5

The ipsec-flow-monitor-mib should provides more detailed statistics for

ipsec tunnels:

ftp://ftp.cisco.com/pub/mibs/v2/CISCO-IPSEC-FLOW-MONITOR-MIB.my

ftp://ftp-sj.cisco.com/pub/mibs/supportlists/pix/pix-supportlist.html

merabtavart
Level 1
Level 1

Check

http://www.vpnttg.com/

Advantage  of VPNTTG over other SNMP based monitoring software’s is  following:  Other (commonly used) software’s are working with static OID  numbers,  i.e. whenever tunnel disconnects and reconnects, it gets  assigned a new  OID number. This means that the historical data, gathered  on the  connection, is lost each time. However, VPNTTG works with VPN  peer’s IP  address and it stores for each VPN tunnel historical  monitoring data  into the SQL server and into the RRD (Round Robin  Database) file.

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: