I've been doing some reading around and it appears to be reasonably simple to monitor the connection rate and total connections through an ASA. However, I'm looking to be able to monitor the number of connections and their states at a given time - i.e. as per the output available from 'show conn'.
Has anyone achieved this using SNMP? I've not managed to spot an OID that would make this available.
As a last resort I could script this via SSH etc but it's not really the most elegant of solutions :-)
I don't have an ASA to try this on, but I believe the CISCO-FIREWALL-MIB would be the one you need. Specifically, the cfwConnectionStatTable (184.108.40.206.220.127.116.11.18.104.22.168.2) looks like the one which will contain information on each connection, similar to the "show conn" CLI command.
Thanks for the response. Unfortunately that OID gives the current & max count of connections but does not actually return the state of those connections -
[XXXXXXX@xxx-xxxx-xxxxx-001 ~]$ snmpwalk -v 2c -r 1 -t 1 -c xxxxxxxxx xxx.xx.xx.xxx 22.214.171.124.126.96.36.199.188.8.131.52.2
SNMPv2-SMI::enterprises.184.108.40.206.220.127.116.11.3.40.6 = STRING: "number of connections currently in use by the entire firewall"
SNMPv2-SMI::enterprises.18.104.22.168.22.214.171.124.3.40.7 = STRING: "highest number of connections in use at any one time since system startup"
SNMPv2-SMI::enterprises.126.96.36.199.188.8.131.52.4.40.6 = Counter32: 0
SNMPv2-SMI::enterprises.184.108.40.206.220.127.116.11.4.40.7 = Counter32: 0
SNMPv2-SMI::enterprises.18.104.22.168.22.214.171.124.5.40.6 = Gauge32: 8681
SNMPv2-SMI::enterprises.126.96.36.199.188.8.131.52.5.40.7 = Gauge32: 8716
[XXXXXXX@xxx-xxxx-xxxxx-001 ~]$
I may need to look at options for scripting this via the CLI.
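The CLI-scripting fallback discussed in this thread, sketched as an added example that is not code from any participant: it tallies already-captured 'show conn' text by protocol and TCP state. The sample lines are constructed, the one-line-per-connection shape is an assumption that may differ between ASA versions, and the bucket names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the line shape this example assumes for 'show conn'.
SAMPLE = """\
4 in use, 8716 most used
TCP outside 203.0.113.10:443 inside 10.0.0.5:51512, idle 0:00:03, bytes 48211, flags UIO
TCP outside 198.51.100.7:80 inside 10.0.0.9:40122, idle 0:00:01, bytes 0, flags saA
TCP outside 203.0.113.44:22 inside 10.0.0.5:51600, idle 0:00:09, bytes 9120, flags UfIO
UDP outside 192.0.2.53:53 inside 10.0.0.9:33211, idle 0:00:12, bytes 142, flags -
"""

# Protocol, then two "interface address:port" pairs, then a comma.
CONN_RE = re.compile(r"^(?P<proto>[A-Z0-9]+)\s+\S+\s+\S+:\d+\s+\S+\s+\S+:\d+,")
FLAGS_RE = re.compile(r"\bflags\s+(?P<flags>\S+)")


def classify(proto, flags):
    """Bucket one connection by its flag letters (see 'show conn detail' legend)."""
    if proto != "TCP":
        return "n/a"                  # handshake flags only describe TCP
    if set(flags) & set("FfRr"):      # FIN seen or acknowledged on either side
        return "closing"
    if "U" in flags:                  # U = up
        return "up"
    return "half-open"                # still waiting on SYN / ACK to SYN


def summarize(text):
    """Return (Counter keyed by (proto, state), list of lines that did not parse)."""
    counts, skipped = Counter(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CONN_RE.match(line)
        if not m:
            skipped.append(line)      # header or unknown shape: report, don't guess
            continue
        f = FLAGS_RE.search(line)
        proto = m.group("proto")
        counts[(proto, classify(proto, f.group("flags") if f else ""))] += 1
    return counts, skipped


if __name__ == "__main__":
    totals, unparsed = summarize(SAMPLE)
    for (proto, state), n in sorted(totals.items()):
        print(f"{proto:4} {state:10} {n}")
    print("unparsed lines:", len(unparsed))
```

A rising half-open count relative to the up count is the kind of signal the aggregate SNMP counters above cannot show.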