monitoring FTD 2110 IPSec using SNMP MIB

Qays
Level 1

Hi

I have a Cisco Firepower 2110 and I want to monitor VPNs. I tried CISCO-IPSEC-FLOW-MONITOR-MIB, but it didn't work for me.

I tested it as shown

snmpwalk -v3 -l authPriv -u USER -a SHA -A "PASSWORD" -x AES -X "PASSWORD" 10.10.10.10 CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunLocalValue
CISCO-IPSEC-FLOW-MONITOR-MIB::cikeTunLocalValue = No Such Instance currently exists at this OID

So I tried to retrieve tunnels using CISCO-REMOTE-ACCESS-MONITOR-MIB.

I tested it as shown

note: the fields contained example values 

 snmpwalk -v3 -l authPriv -u USER -a SHA -A "PASSWORD" -x AES -X "PASSWORD" 10.10.10.10 CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."1.1.1.1".735416321 = STRING: 1.1.1.1
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."2.2.2.2".744243201 = STRING: 2.2.2.2
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."3.3.3.3".735330305 = STRING: 3.3.3.3

But the problem here is that CISCO-REMOTE-ACCESS-MONITOR-MIB didn't get all active IPSec tunnels.

I need advice on how to monitor IPSec VPNs using SNMP.

Thanks

1 Reply

vpnttg001
Level 1

Hello,

Check out VPNTTG (VPN Tunnel Traffic Grapher). It is software for SNMP monitoring and measuring the traffic load of IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see the traffic load on a VPN tunnel over time in graphical form.

The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and stores historical monitoring data for each VPN tunnel in the database.

For more information about VPNTTG please visit www.vpnttg.com
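
The reply's point about instance numbers changing on reconnect, as an added example (not part of either post and not VPNTTG's code): this Python script parses `crasGroup` output in the format shown in the question and tracks tunnels by the quoted peer address instead of the trailing instance number. The second poll is constructed sample data, and treating the quoted index component as the peer address is an assumption taken from the output in the question.

```python
import re

# Matches lines in the format shown in the question, e.g.
#   CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."1.1.1.1".735416321 = STRING: 1.1.1.1
LINE_RE = re.compile(
    r'^\s*CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup'
    r'\."(?P<peer>[^"]+)"\.(?P<index>\d+)\s*=\s*STRING:'
)

def parse_walk(text):
    """Return {peer: {instance numbers}}; lines in any other form are skipped."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            sessions.setdefault(m.group("peer"), set()).add(int(m.group("index")))
    return sessions

def diff_polls(previous, current):
    """Classify each peer by comparing two polls keyed on peer address."""
    report = {"stable": [], "reconnected": [], "down": [], "new": []}
    for peer, indexes in current.items():
        if peer not in previous:
            report["new"].append(peer)
        elif previous[peer] != indexes:
            # Same peer, different instance number: the tunnel was re-established.
            report["reconnected"].append(peer)
        else:
            report["stable"].append(peer)
    report["down"] = [peer for peer in previous if peer not in current]
    return report

# First poll: the example lines from the question.
POLL_1 = '''
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."1.1.1.1".735416321 = STRING: 1.1.1.1
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."2.2.2.2".744243201 = STRING: 2.2.2.2
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."3.3.3.3".735330305 = STRING: 3.3.3.3
'''
# Second poll: constructed sample data (2.2.2.2 reconnected, 3.3.3.3 gone, 4.4.4.4 new).
POLL_2 = '''
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."1.1.1.1".735416321 = STRING: 1.1.1.1
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."2.2.2.2".744300001 = STRING: 2.2.2.2
CISCO-REMOTE-ACCESS-MONITOR-MIB::crasGroup."4.4.4.4".744300002 = STRING: 4.4.4.4
'''

if __name__ == "__main__":
    print(diff_polls(parse_walk(POLL_1), parse_walk(POLL_2)))
```

Storing counters and history under the peer key rather than the full OID keeps one continuous record per tunnel across reconnects.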