I have found a hint that might help. All packet and byte counters for all VLAN interfaces are the same as the physical interface. It seems that the correct counts that represent the "inside" interface are replicated over all logical VLAN interfaces without taking into consideration each interface's traffic independently.
I am having the same problem with a firewall which has been upgraded from 6.3 to 7.0(1). All VLAN interfaces are returning the interface statistics from the physical interface. Under 6.3 all VLANs returned individual statistics. The SNMP utility identifies the VLAN interfaces correctly. Therefore I suspect something has changed in the SNMP implementation in 7.0(1), but I don't know how to go about investigating further.
I wish I could help more, but it may be useful to include details of the setups. This might help to eliminate potential issues, or highlight others.
Our setup is as follows:
PIX 515 running 7.0(1)
6 physical interfaces, one of these has 4 VLANs configured.
Collecting and graphing statistics using Cacti 0.8.5 running on RH9. I was considering upgrading Cacti, but I'm holding off because I feel the issue is more likely to be with the PIX code.
I've checked open and closed caveats for 7.0(X) but can't see anything relevant.
After wasting days and hours, it was a bug in OS 7.0(1); thank God we had a support contract for this specific unit and Cisco TAC investigated the issue and returned saying that this is an "internal" bug and it is not reported in the bug list for each release.
You need to upgrade to PIX OS 7.0(4) and also you can have the ASDM 5.0(4).
I have upgraded my unit and MRTG is showing non-CRAZY figures again ... ;-)
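A way to confirm the symptom described in this thread before and after an upgrade, added here as an example and not posted by any participant: parse saved `snmpwalk` output for the IF-MIB columns and flag interfaces that report identical non-zero octet counters. The interface names and counter values in the sample are constructed, not taken from a real PIX.

```python
import re
from collections import defaultdict

# Constructed sample in net-snmp snmpwalk output style; names and values are made up.
SAMPLE_WALK = """\
IF-MIB::ifDescr.1 = STRING: outside
IF-MIB::ifDescr.2 = STRING: inside
IF-MIB::ifDescr.3 = STRING: inside-vlan10
IF-MIB::ifDescr.4 = STRING: inside-vlan20
IF-MIB::ifInOctets.1 = Counter32: 918273645
IF-MIB::ifInOctets.2 = Counter32: 402115873
IF-MIB::ifInOctets.3 = Counter32: 402115873
IF-MIB::ifInOctets.4 = Counter32: 402115873
IF-MIB::ifOutOctets.1 = Counter32: 55512345
IF-MIB::ifOutOctets.2 = Counter32: 377001922
IF-MIB::ifOutOctets.3 = Counter32: 377001922
IF-MIB::ifOutOctets.4 = Counter32: 377001922
"""

LINE_RE = re.compile(r"^IF-MIB::(ifDescr|ifInOctets|ifOutOctets)\.(\d+) = \w+: (.*)$")

def parse_walk(text):
    """Return {ifIndex: {"ifDescr": str, "ifInOctets": int, "ifOutOctets": int}}."""
    table = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip columns and lines this check does not use
        column, index, value = m.groups()
        table[int(index)][column] = value if column == "ifDescr" else int(value)
    return dict(table)

def duplicated_counters(table, min_octets=1):
    """Group interface names whose in/out octet counters are identical and non-zero."""
    groups = defaultdict(list)
    for index, row in sorted(table.items()):
        if not {"ifDescr", "ifInOctets", "ifOutOctets"}.issubset(row):
            continue  # incomplete row, cannot compare
        key = (row["ifInOctets"], row["ifOutOctets"])
        if sum(key) < min_octets:
            continue  # idle interfaces legitimately share zero counters
        groups[key].append(row["ifDescr"])
    return [names for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    for names in duplicated_counters(parse_walk(SAMPLE_WALK)):
        print("identical counters:", ", ".join(names))
```

Exact equality of both counters on busy interfaces across two consecutive polls is a strong sign the agent is replicating one interface's statistics; a single match on a quiet link can be coincidence.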