06-21-2006 12:40 AM
Hi All,
I have two cisco 2800 routers and they are work as VPN router, terminated on them both static and dynamic VPN-s. IOS: C2801-ADVSECURITYK9-M, 12.4(7). I would like monitor the conncurent crypto session with SNMP. I need just a number of connections, but I couldn't find any SNMP query for this. If you know some solution for my issue please answer.
Thanks in advance,
FCS
Solved! Go to Solution.
06-22-2006 09:57 AM
Hmmm... First try using snmpget to the .0 sub-object instead of snmpwalk.
for example:
snmpget -c community -v version 10.x.x.x cikeGlobalActiveTunnels.0
If it still doesn't work, try using the numeric representation of the OID instead of the textual. They are as follows.
cikeGlobalActiveTunnels - .1.3.6.1.4.1.9.9.171.1.2.1.1.0
cipSecGlobalActiveTunnels -
.1.3.6.1.4.1.9.9.171.1.3.1.1.0
If it still doesn't work, try to walk the following object:
.1.3.6.1.4.1.9.9.171
This will tell you if you have an IPSEC flow monitor MIB available at all in your IOS. I have never used this MIB in the 2800 myself, so I can't be sure that it exists, but it seems that it should.
Best to you,
E
06-21-2006 05:51 AM
There are 2 SNMP objects which can help you. From CISCO-IPSEC-FLOW-MONITOR-MIB.my, there is an object named cikeGlobalActiveTunnels which returns "The number of currently active IPsec Phase-1 IKE Tunnels." For phase-2 tunnels, from the same MIB you can use cipSecGlobalActiveTunnels, which is "The total number of currently active IPsec Phase-2 Tunnels."
If you need the MIB file, you can get it here:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
06-22-2006 06:26 AM
When I try to query the MIB I got the answer that the object is not available. IOS is C2801-ADVSECURITYK9-M, 12.4(7) and I use snmpwalk for query
snmpwalk -v2c -c communty -m cikeGlobalActiveTunnels 10.x.x.x
What can be the problem?
Bye
FCS
06-22-2006 09:57 AM
Hmmm... First try using snmpget to the .0 sub-object instead of snmpwalk.
for example:
snmpget -c community -v version 10.x.x.x cikeGlobalActiveTunnels.0
If it still doesn't work, try using the numeric representation of the OID instead of the textual. They are as follows.
cikeGlobalActiveTunnels - .1.3.6.1.4.1.9.9.171.1.2.1.1.0
cipSecGlobalActiveTunnels -
.1.3.6.1.4.1.9.9.171.1.3.1.1.0
If it still doesn't work, try to walk the following object:
.1.3.6.1.4.1.9.9.171
This will tell you if you have an IPSEC flow monitor MIB available at all in your IOS. I have never used this MIB in the 2800 myself, so I can't be sure that it exists, but it seems that it should.
Best to you,
E
06-22-2006 10:59 PM
Thanks, with OID it works. I can query the number of connections.
bye
FCS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide