Cisco ASA SSL Template

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Post Reply
Djiguidjik
Posts: 35
Joined: Tue Sep 29, 2009 4:36 am

Cisco ASA SSL Template

Post by Djiguidjik »

Hi!

I've been searching for a lot of time for a template to get statistics about SSL VPN in Cisco ASA but I can't find anything...Does anyone got that ?
I don't really know Scripts or Cacti or Perl, so I've been trying to code something for a few days but I can't get anything to work...
Need some help please :cry: :-?
Djiguidjik
Posts: 35
Joined: Tue Sep 29, 2009 4:36 am

Post by Djiguidjik »

Finally, I've done it myself !

Here's my template. It works for me for ASA 5540. I've included stats for SSL connections and E-Mail proxy Connections.
Attachments
cacti_graph_template_cisco_asa_-_ssl_tunnels.xml
(18.52 KiB) Downloaded 1654 times
Cool Graph !
Cool Graph !
SSL.jpg (43.97 KiB) Viewed 15603 times
riffy99
Posts: 9
Joined: Fri Sep 25, 2009 6:41 am
Location: Woking UK

Post by riffy99 »

Hi, This is exactly what I'm after but unfortuantely it's not worked for me.
I'm just getting no data. Graph displays but with no values (there are connections!)

I'v not had a chance to fully look into this but I'll try over the next day or so.

Rich
Djiguidjik
Posts: 35
Joined: Tue Sep 29, 2009 4:36 am

Post by Djiguidjik »

Hi !

Glad I could help.

If it's not working you can try do it on your own.
Basically what you have to do is to create a new Data Source using the "SNMP - Generic OID Template", you have to use the OID : .1.3.6.1.4.1.9.9.392.1.3.38.0
This will get you your SSL stats. I think it's not working because of the SNMP Community I use.

After that you create a Graph based on the Graph Generic SNMP and it should work :)!
User avatar
_raindrop18
Cacti User
Posts: 194
Joined: Thu Jan 29, 2009 5:52 pm
Location: US

Post by _raindrop18 »

I like this template idea, the problem is no data even though remove the ip and snmp and replaced with mine. can you tell me please how you created this graph step by step. I have also no response from snmpwalk I got this error "MIB objects contained under subtree" is this OID ".1.3.6.1.4.1.9.9.392.1.3.38.0" working for anybody?
your time and help highly appreciated. I need it desperately. or any one has same template for Cisco ASA 5540.
riffy99
Posts: 9
Joined: Fri Sep 25, 2009 6:41 am
Location: Woking UK

Post by riffy99 »

Hi, I've revisited this and I'm pleased to say it's working :D

_raindrop18

I'm using the oid 1.3.6.1.4.1.9.9.392.1.3.1.0
Try the command snmpget -c 'COMMUNITY' -v 1 IPADDRESS 1.3.6.1.4.1.9.9.392.1.3.1.0

change the -v 1 to -v 2c if you are using snmp version 2. This should return the SSL connections
dmn49
Posts: 2
Joined: Tue Apr 20, 2010 2:31 am

Post by dmn49 »

I wonder. How to add the IP address information of the current SSL connection(s) and login(s) on the graph? In my opinion it is useful.
ystek
Posts: 1
Joined: Wed Dec 08, 2010 6:10 pm

Re: Cisco ASA SSL Template

Post by ystek »

Anyone else get a decimal value after using the Generic OID template for this?? I would think that there would be whole numbers...
Djiguidjik
Posts: 35
Joined: Tue Sep 29, 2009 4:36 am

Re: Cisco ASA SSL Template

Post by Djiguidjik »

Hi,

Since a lot of people couldn't use my previous template i've done it again but i tried to respect the right creation process and to improve it a little bit...
So basically what i've done is that i've cloned the Generic OID data template (it's in all cacti base installation) and i've put the OID : ".1.3.6.1.4.1.9.9.392.1.3.35.0" for AnyConnect Connections and ".1.3.6.1.4.1.9.9.392.1.3.38.0" for WebVPN Sessions". So I've created two new Data template.
After that I created a new Graph template (in fact i've just cloned the "Active VPN Tunnels" Graph template) and put my two new Data templates as sources of the new graph. In each item i've put the right operation (average, current)...And that's all :)!
I've attached a screenshot (but i had just finished my graph) and all the templates (data source and graphs)
You only need to import the graph in order to make it work but if you want to create your own graph i've attached separately the data templates....

Hope it will help you.
Attachments
Cacti Cisco ASA SSL Templates.zip
All the templates
(6.47 KiB) Downloaded 733 times
Up to Date template!
Up to Date template!
SSL Template.jpg (62.74 KiB) Viewed 10385 times
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests