Cisco ASA 5500's and VPN Templates

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Post Reply
nellson
Posts: 13
Joined: Thu Sep 13, 2007 1:13 pm

Cisco ASA 5500's and VPN Templates

Post by nellson »

I have been told by Cisco that a BUG was files du to the lack of SNMP OID's that reflect what the ADSM and "vpn-sessiondb summary" can give.

Right now it seems to be just for the 8.1+ train which only works on the higher end multi processor ASA's. But will be coming to the basic ASA soon if anyone wants to prepare a creative and sharp looking template.

The BUG ID to read about is: CSCso02912

And the text of it:

Code: Select all

Symptom:
Remote Access Session information available via MIB is not inclusive of all
information available in the 'sh vpn-sessiondb summary' command

This enhancement was performed and new OID's are available for all the
information you want, but you need to be on:
8.1(1.101) or 8.2(0.151)

These are the OID's added:

crasEmailNumSessions (Oid: 1.3.6.1.4.1.9.9.392.1.3.23 )
        crasEmailCumulateSessions (Oid: 1.3.6.1.4.1.9.9.392.1.3.24 )
        crasEmailPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1.
3. 25 )
        crasIPSecNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 26 )
        crasIPSecCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 27
)
        crasIPSecPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1.
3. 28)
        crasL2LNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 29 )
        crasL2LCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 30 )
        crasL2LPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1.
3. 31 )
        crasLBNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 32 )
        crasLBCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 33 )
        crasLBPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3.
34 )
        crasSVCNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 35 )
        crasSVCCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 36 )
        crasSVCPeakConcurrentSessions(Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3.
37)
        crasWebvpnNumSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3. 38 )
        crasWebvpnCumulateSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392. 1. 3.
39 )
        crasWebvpnPeakConcurrentSessions (Oid: 1.3. 6. 1. 4. 1. 9. 9. 392.
1. 3. 40 )
        to CISCO-REMOTE-ACCESS-MONITOR mib to provide sesssion statistics
info.
Such the snmp walk of this mib could get info align with "show
vpn-sessiondb"
[/code]
Top
digitalwav
Posts: 21
Joined: Fri Aug 22, 2008 2:27 pm
Location: New York

Post by digitalwav »

Thank you! I had to write a script to telnet to my ASA and parse out this info from the prompt. Now I'm getting it from snmp.

Thanks!
Top
nellson
Posts: 13
Joined: Thu Sep 13, 2007 1:13 pm

Post by nellson »

You are most welcome, I had the same fight on my hands too..

I am still waiting for this to come to the general ASA series though..
Top
User avatar
EBrander
Cacti User
Posts: 52
Joined: Tue Mar 23, 2004 1:52 pm

Post by EBrander »

When I poll crasL2LNumSessions or crasSVCNumSessions I get double the number of actual connections (using SNMPGet, MRTG, GetIF or Cacti). Anyone else having this issue?
Top
AkosBeginner1
Posts: 3
Joined: Tue May 06, 2014 2:59 pm

Re: Cisco ASA 5500's and VPN Templates

Post by AkosBeginner1 »

You can monitor whatever you want on cisco asa without snmp:
5ipsec_demo.png
5ipsec_demo.png (54.82 KiB) Viewed 2576 times
or asp drops:
asp_drop_demo.png
asp_drop_demo.png (44.08 KiB) Viewed 2576 times
The howto is here:
http://itsecworks.com/2014/05/06/custom ... and-cacti/
Top
Post Reply

Return to “Scripts and Templates”

Who is online

Users browsing this forum: No registered users and 4 guests