02-21-2011 04:34 AM
Hello,
I have two Cisco 2821 routers (12.4(3a)) doing IPSec and I would like to graph (using SNMP) some counters which are shown using "show crypto engine accel stat", however, I have not been able to find which MIB resp. OID I need to access.
Any help is appreciated.
Tom
03-08-2011 10:46 AM
Hi Tom,
Please try with this table:
cipSecTunnelTable (1.3.6.1.4.1.9.9.171.1.3.2)
This object is part of the CISCO-IPSEC-FLOW-MONITOR-MIB.
Regards,
Andres
**If this post answers your question, please click the "Correct Answer" button**
03-10-2011 01:26 AM
Thanks Andres, this is what I was looking for. Although there are some things that are not yet clear to me:
Within the same second I do an "sh crypto en acc stat" and an "snmpwalk -v 2c router 1.3.6.1.4.1.9.9.171.1.3.2.1" and get quite different values. From my understanding, the value from the OID cipSecTunHcInOctets is the "bytes in" from the command line, but they are quite different...
Do you have an explanation for this?
tom
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.7 = Counter32: 3410575359
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.27.7 = Counter64: 7240430469223
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.28.7 = Counter32: 1685
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.29.7 = Counter32: 3410572863
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.30.7 = Counter64: 7240430466623
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.31.7 = Counter32: 1685
cipSecTunInOctets (26)
cipSecTunHcInOctets (27)
cipSecTunInOctWraps (28)
cipSecTunInDecompOctets (29)
cipSecTunHcInDecompOctets (30)
cipSecTunInDecompOctWraps (31)
Virtual Private Network (VPN) Module in slot : 0
Statistics for Hardware VPN Module since the last clear
of counters 4294967 seconds ago
52717964521 packets in 52717964521 packets out
49085614436609 bytes in 50301364122657 bytes out
12274 paks/sec in 12274 paks/sec out
91429 Kbits/sec in 93693 Kbits/sec out
4276240142 packets decrypted 1197084123 packets encrypted
48367316578208 bytes before decrypt 1934047544449 bytes encrypted
46033996776185 bytes decrypted 3051617660424 bytes after encrypt
03-10-2011 05:35 AM
Hi,
Please post a complete snmpwalk of the cipSecTunnelTable (1.3.6.1.4.1.9.9.171.1.3.2) along with the CLI output for the counters.
Thanks!
Andres
03-10-2011 05:56 AM
Here you go, taken within 1 second:
$ snmpwalk -v 2c ROUTER 1.3.6.1.4.1.9.9.171.1.3.2
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.2.7 = INTEGER: 233
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.3.7 = INTEGER: 2
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.4.7 = Hex-STRING: 0A AE F0 9E
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.5.7 = Hex-STRING: 0A AE F0 91
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.6.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.7.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.8.7 = INTEGER: 4608000
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.9.7 = INTEGER: 3600
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.10.7 = INTEGER: 285970390
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.11.7 = INTEGER: 64
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.12.7 = INTEGER: 10
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.13.7 = Counter32: 15608
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.14.7 = Counter32: 4736
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.15.7 = Gauge32: 2
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.16.7 = INTEGER: 2
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.17.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.18.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.19.7 = INTEGER: 3
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.20.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.21.7 = INTEGER: 2
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.22.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.23.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.24.7 = INTEGER: 3
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.25.7 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.7 = Counter32: 579098039
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.27.7 = Counter64: 7293433599475
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.28.7 = Counter32: 1698
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.29.7 = Counter32: 575076908
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.30.7 = Counter64: 7293429545516
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.31.7 = Counter32: 1698
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.32.7 = Counter32: 1111013313
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.33.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.34.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.35.7 = Counter32: 1111013366
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.36.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.37.7 = Counter32: 1111013405
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.38.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.39.7 = Counter32: 3148596872
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.40.7 = Counter64: 467005066368
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.41.7 = Counter32: 108
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.42.7 = Counter32: 2068560376
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.43.7 = Counter64: 3055790307832
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.44.7 = Counter32: 711
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.45.7 = Counter32: 2863199047
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.46.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.47.7 = Counter32: 2863199071
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.48.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.49.7 = Counter32: 2863199098
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.50.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.51.7 = INTEGER: 1
#sh cryp en acc stat
Virtual Private Network (VPN) Module in slot : 0
Statistics for Hardware VPN Module since the last clear
of counters 4294967 seconds ago
52779258695 packets in 52779258696 packets out
49142789111407 bytes in 50359890616591 bytes out
12288 paks/sec in 12288 paks/sec out
91535 Kbits/sec in 93802 Kbits/sec out
20794720 packets decrypted 1218856445 packets encrypted
48423002039880 bytes before decrypt 1936888611839 bytes encrypted
46086998711399 bytes decrypted 3055790459880 bytes after encrypt
0 packets decompressed 0 packets compressed
0 bytes before decomp 0 bytes before comp
0 bytes after decomp 0 bytes after comp
0 packets bypass decompr 0 packets bypass compres
0 bytes bypass decompres 0 bytes bypass compressi
0 packets not decompress 0 packets not compressed
0 bytes not decompressed 0 bytes not compressed
1.0:1 compression ratio 1.0:1 overall
2487218 commands out 2487218 commands acknowledged
Last 5 minutes:
2550875 packets in 2550879 packets out
8502 paks/sec in 8502 paks/sec out
64684040 bits/sec in 66305729 bits/sec out
2270406589 bytes decrypted 69417742 bytes encrypted
61362340 Kbits/sec decrypted 1876155 Kbits/sec encrypted
1.0:1 compression ratio 1.0:1 overall
Errors:
ppq full errors : 0 ppq rx errors : 0
cmdq full errors : 0 cmdq rx errors : 0
ppq down errors : 0 cmdq down errors : 0
no buffer : 0 replay errors : 221
dest overflow : 0 authentication errors : 0
Other error : 0 Raw Input Underrun : 0
IPSEC Unsupported Option: 0 IPV4 Header Length : 0
ESP Pad Length : 0 IPSEC Decompression : 0
AH ESP seq mismatch : 0 AH Header Length : 0
AH ICV Incorrect : 0 IPCOMP CPI Mismatch : 0
IPSEC ESP Modulo : 0 Unexpected IPV6 Extensio: 0
Unexpected Protocol : 0 Dest Buf overflow : 0
IPSEC Pkt is fragment : 0 IPSEC Pkt src count : 0
Invalid IP Version : 0 Unwrappable : 0
PPTP Duplicate packet : 0 PPTP Exceed max missed p: 0
RNG self test fail : 0 DF Bit set : 0
Hash Miscompare : 0 Unwrappable object : 0
Missing attribute : 0 Invalid attrribute value: 0
Bad Attribute : 0 Verification Fail : 0
Decrypt Failure : 0 Invalid Packet : 0
Invalid Key : 0 Input Overrun : 0
Input Underrun : 0 Output buffer overrun : 0
Bad handle value : 0 Invalid parameter : 0
Bad function code : 0 Out of handles : 0
Access denied : 0 Out of memory : 0
NR overflow : 0 pkts dropped : 0
Warnings:
sessions_expired : 0 packets_fragmented : 0
general: : 0
HSP details:
hsp_operations : 2487233 hsp_sessions : 4
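Added example (not part of any post in this thread): a Python sketch that parses the columns 26-28 lines from the two walks posted above and compares the 64-bit cipSecTunHcInOctets value with one rebuilt from the 32-bit counter and its wrap count. The relationship `wraps * 2**32 + Counter32` is an assumption taken from the object names, and all function names are hypothetical.

```python
import re

# Columns of cipSecTunnelEntry (1.3.6.1.4.1.9.9.171.1.3.2.1), named as in the thread.
COLUMNS = {26: "cipSecTunInOctets", 27: "cipSecTunHcInOctets", 28: "cipSecTunInOctWraps"}
LINE_RE = re.compile(
    r"enterprises\.9\.9\.171\.1\.3\.2\.1\.(\d+)\.(\d+) = Counter(?:32|64): (\d+)$")

# Columns 26-28 for tunnel index 7, copied from the two walks posted in the thread.
WALK_1 = """\
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.7 = Counter32: 3410575359
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.27.7 = Counter64: 7240430469223
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.28.7 = Counter32: 1685
"""
WALK_2 = """\
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.7 = Counter32: 579098039
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.27.7 = Counter64: 7293433599475
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.28.7 = Counter32: 1698
"""

def parse_walk(text):
    """Return {tunnel_index: {column_name: value}} for the columns named above."""
    tunnels = {}
    for line in text.splitlines():
        m = LINE_RE.search(line.strip())
        if m:
            col, idx, val = (int(g) for g in m.groups())
            if col in COLUMNS:
                tunnels.setdefault(idx, {})[COLUMNS[col]] = val
    return tunnels

def rebuilt_octets(row):
    """Assumed relationship: 64-bit total = wrap count * 2**32 + 32-bit counter."""
    return row["cipSecTunInOctWraps"] * 2**32 + row["cipSecTunInOctets"]

def skew(row):
    """Hc counter minus rebuilt value; a small non-zero result is expected if
    the agent does not read the three columns at the same instant (assumption)."""
    return row["cipSecTunHcInOctets"] - rebuilt_octets(row)

def counter_delta(old, new, bits):
    """Difference between two polls of a counter, tolerating a single wrap."""
    return (new - old) % 2**bits

if __name__ == "__main__":
    a, b = parse_walk(WALK_1)[7], parse_walk(WALK_2)[7]
    print("skew per walk (bytes):", skew(a), skew(b))
    print("64-bit delta:", counter_delta(a["cipSecTunHcInOctets"], b["cipSecTunHcInOctets"], 64))
    # The wrap column moved from 1685 to 1698 between the walks, so the
    # 32-bit delta alone undercounts by 13 * 2**32 bytes.
    print("32-bit delta:", counter_delta(a["cipSecTunInOctets"], b["cipSecTunInOctets"], 32))
```

For graphing, the delta of the 64-bit column between polls is the value to plot; the 32-bit column is only safe when the poll interval is shorter than one wrap.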
03-10-2011 06:18 AM
Hi,
Please post a 'show ver'.
Andres
03-10-2011 06:25 AM
#sh vers
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3a), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 30-Sep-05 13:24 by hqluong
ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
ROUTER uptime is 36 weeks, 6 days, 21 hours, 1 minute
System returned to ROM by power-on
System restarted at 19:16:25 MEST Thu Jun 24 2010
System image file is "flash:c2800nm-advsecurityk9-mz.124-3a.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 2821 (revision 53.51) with 247808K/14336K bytes of memory.
Processor board ID FCZ094771UQ
3 Gigabit Ethernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
03-10-2011 07:15 AM
Hi,
I just did some research and it seems that there is no MIB/OID to match the exact values for the 'show crypto engine accelerator statistic' command.
The reason is that the command output is a list of counters retrieved from embedded crypto engine. So this is not available via SNMP on the router.
The counters retrieved from the CISCO-IPSEC-FLOW-MONITOR-MIB are for the IPsec Phase-2 Tunnels.
Sorry for the confusion.
Andres.
03-10-2011 07:54 AM
Thanks Andres, what a pity... have a nice day.
05-23-2013 11:15 PM
I am running 15.1(4)M5/M6 and these counters still are not available. If the CLI can get them I don't see any reason SNMP cannot.