I've been doing some reading around and it appears to be reasonably simple to monitor the connection rate and total connections through an ASA. However, I'm looking to be able to monitor the number of connections and their states at a given time - i.e. as per the output available from 'show conn'
Has anyone achieved this using SNMP? I've not managed to spot an OID that would make this available.
As a last resort I could script this via SSH etc but it's not really the most elegant of solutions :-)
I don't have an ASA to try this on, but I believe the CISCO-FIREWALL-MIB would be the one you need. Specifically, the cfwConnectionStatTable (188.8.131.52.184.108.40.206.220.127.116.11.2) looks like the one which will contain information on each connection, similar to the "show conn" CLI command.
Thanks for the response. Unfortunately that OID gives the current & max count of connections but does not actually return the state of those connections -
[XXXXXXX@xxx-xxxx-xxxxx-001 ~]$ snmpwalk -v 2c -r 1 -t 1 -c xxxxxxxxx xxx.xx.xx.xxx 18.104.22.168.22.214.171.124.126.96.36.199.2
SNMPv2-SMI::enterprises.188.8.131.52.184.108.40.206.3.40.6 = STRING: "number of connections currently in use by the entire firewall"
SNMPv2-SMI::enterprises.220.127.116.11.18.104.22.168.3.40.7 = STRING: "highest number of connections in use at any one time since system startup"
SNMPv2-SMI::enterprises.22.214.171.124.126.96.36.199.4.40.6 = Counter32: 0
SNMPv2-SMI::enterprises.188.8.131.52.184.108.40.206.4.40.7 = Counter32: 0
SNMPv2-SMI::enterprises.220.127.116.11.18.104.22.168.5.40.6 = Gauge32: 8681
SNMPv2-SMI::enterprises.22.214.171.124.126.96.36.199.5.40.7 = Gauge32: 8716
[XXXXXXX@xxx-xxxx-xxxxx-001 ~]$
I may need to look at options for scripting this via the CLI.
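One way to get the point-in-time state counts from the CLI route the last post mentions: an added example, not code from this thread, that tallies `show conn` text already captured from the ASA (for instance over SSH). The sample output is constructed, and both the line layout and the coarse mapping of flag letters to states are assumptions to check against your ASA version.

```python
import re
from collections import Counter

# Constructed sample of "show conn" output (documentation address ranges).
SAMPLE = """\
4 in use, 9 most used
TCP outside 198.51.100.7:443 inside 192.0.2.10:51512, idle 0:00:03, bytes 18422, flags UIO
TCP outside 198.51.100.9:80 inside 192.0.2.11:40022, idle 0:00:41, bytes 0, flags saA
TCP outside 203.0.113.5:22 inside 192.0.2.12:50110, idle 0:12:09, bytes 9120, flags UfIO
UDP outside 203.0.113.53:53 inside 192.0.2.10:39811, idle 0:00:01, bytes 96, flags -
"""

SUMMARY_RE = re.compile(r"^(\d+) in use, (\d+) most used")
CONN_RE = re.compile(r"^(?P<proto>\S+)\s+.*\bflags\s*(?P<flags>\S*)\s*$")


def coarse_state(proto, flags):
    """Assumed simplification: FIN-related letters mean closing, U means up,
    any other TCP entry is treated as embryonic (handshake not complete)."""
    if proto != "TCP":
        return "n/a"
    if set(flags) & set("fFrR"):
        return "closing"
    if "U" in flags:
        return "established"
    return "embryonic"


def summarize(text):
    """Return the header counters plus per-state and per-flag tallies."""
    result = {"in_use": None, "most_used": None,
              "by_state": Counter(), "by_flags": Counter()}
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.match(line)
        if m:
            result["in_use"], result["most_used"] = int(m.group(1)), int(m.group(2))
            continue
        m = CONN_RE.match(line)
        if m:
            proto, flags = m.group("proto"), m.group("flags")
            result["by_state"][(proto, coarse_state(proto, flags))] += 1
            result["by_flags"][(proto, flags)] += 1
    return result


if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE)["by_state"].items()):
        print(key, count)
```

Comparing the parsed row count with the `in use` header figure is a quick check that the capture was not truncated by terminal paging.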