About monitoring of Anyconnect Stats on Cisco ASA 5540
I have been spending the past three weeks in order to locate a proper oid for AnyConnect VPN stats. My aim is simple, to gather the total number of active users and the total amount of the traffic generated.
The oid I used for the active users is:
which works perfectly fine. However, I came into a mysterious situation.
I tried crasGlobalInPkts and crasGlobalOutPkts but both of them always showed 0 from a snmpwalk.
Then I used alSslStatsPreDecryptOctets and alSslStatsPreEncryptOctets and they did produce figures from polls. However, the figures incremented at a steady ratio in spite of the number of current active users. I have manually added the number of octets for all users (show vpn-sessiondb svc) and apparently the delta value and the summed value didn't match, nor did the total value matched those from show crypto ssl mib.
I was disappointed and desperate. Could anyone help? I just want to report on the total amount of svc traffic for AnyConnect on ASA.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...