OID (MIB) for ASA client and site-to-site sessions
I have been trying to find the correct OID to display current site-to-site sessions on our ASA. I have the OID to display the total number of VPNs (client and site-to-site) and the OID for just clients, but can't find one to display just the site-to-site connections.
Also, has anyone ever managed to use an OID to display the client usernames connected over VPN to the ASA?
Re: OID (MIB) for ASA client and site-to-site sessions
I'm using SNMP to monitor the status of my site-to-site VPNs. I do an snmpwalk on 220.127.116.11.18.104.22.168.22.214.171.124.1.5. This will return a list of hex values which represent the endpoint addresses of the site-to-site tunnels (i.e. C0A80101 = 192.168.1.1). I then use this list to find the index of the tunnel I want to look at and get 126.96.36.199.188.8.131.52.184.108.40.206.1.3. to see the status of the tunnel.
This method is not the most elegant, but it works and I do not believe there is another way (if there is I would love to hear it).
As far as I know, there is no OID to get the remote client's username. You could, however, probably use an expect script to accomplish something like that.
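The lookup described in the reply above, as an added example that is not part of the original post: it parses the hex peer addresses from walk output, maps each peer IP to its tunnel index, and builds the status OID to query. The column OIDs and the sample output are constructed placeholders (the sample assumes `snmpwalk -On -Ox` formatting), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed placeholder column OIDs, NOT the real ones: substitute the
# peer-address and tunnel-status columns given in the reply above.
PEER_COLUMN = ".1.3.6.1.4.1.99999.1.5"
STATUS_COLUMN = ".1.3.6.1.4.1.99999.1.3"

# Constructed sample of `snmpwalk -On -Ox` output (numeric OIDs, hex strings).
SAMPLE_WALK = """\
.1.3.6.1.4.1.99999.1.5.4097 = Hex-STRING: C0 A8 01 01
.1.3.6.1.4.1.99999.1.5.8193 = Hex-STRING: 0A 00 00 FE
.1.3.6.1.4.1.99999.1.5.12289 = STRING: "not-an-address"
"""

LINE_RE = re.compile(r"^(\.[\d.]+)\s*=\s*Hex-STRING:\s*((?:[0-9A-Fa-f]{2}\s*)+)$")


def parse_peer_walk(text, peer_column=PEER_COLUMN):
    """Return {peer_ip: tunnel_index} from a walk of the peer-address column."""
    peers = {}
    prefix = peer_column + "."
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group(1).startswith(prefix):
            continue  # other column, or a value that is not a hex string
        index = m.group(1)[len(prefix):]
        raw = bytes.fromhex("".join(m.group(2).split()))
        if len(raw) not in (4, 16):
            continue  # not a packed IPv4/IPv6 address
        peers[str(ipaddress.ip_address(raw))] = index
    return peers


def status_oid_for(peer_ip, peers, status_column=STATUS_COLUMN):
    """Build the OID to GET for one tunnel, looked up by peer IP."""
    index = peers.get(peer_ip)
    if index is None:
        return None  # no row for this peer in this walk
    return f"{status_column}.{index}"


if __name__ == "__main__":
    table = parse_peer_walk(SAMPLE_WALK)
    print(table)
    print(status_oid_for("192.168.1.1", table))
```

Re-running the walk before each status query keeps the peer-to-index mapping current, so monitoring can be keyed on the peer address instead of a stored index.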
The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address, and it stores historical monitoring data for each VPN tunnel in the SQL server and in the RRD (Round Robin Database) file.