Lev Lvov
Beginner

Firepower Anyconnect VPN sessions SNMP monitoring

We're using FTD 2100 with FMC, need to get active RA VPN sessions counter over SNMP.

Information I've found is related to ASA and not suitable for FP.

Can anybody share useful FP OIDs or point to documentation links?

Marvin Rhoads
VIP Community Legend

Have you tried the ASA OIDs?

Assuming you are SNMP polling the diagnostic interface (not enabled by default), it should be the LINA/ASA code that is responding to your system - not the FTD or FX-OS parts of the system.

After enabling the diagnostic interface, it turned out we can use ASA-compatible SNMP MIBs.

crasSVCNumSessions = 1.3.6.1.4.1.9.9.392.1.3.35.0 is the counter of RA VPN sessions.

Thanks for the help, it was not so obvious from the documentation.


Marvin Rhoads
VIP Community Legend

You're welcome - you're right the documentation falls a bit short in this area.

Is there something you need to enable on the FTD or in FXOS?  

I am trying to poll using that OID but all I get is:

SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = No Such Object available on this agent at this OID

Yes, you need to set up in FMC the IP for the diagnostic interface, which sits alongside the management interface, and do SNMP to that address.
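An added example, not part of any post in this thread: a small Python check that turns the text output of a net-snmp `snmpget` for crasSVCNumSessions into a monitoring state, separating a real session count from the "No Such Object" reply quoted above and from a timeout. The state names, the `classify` helper, the sample lines and the 192.0.2.10 address are constructed for illustration, and the Gauge32 value format is an assumption about how net-snmp prints this counter.

```python
import re

# OID given in the thread: crasSVCNumSessions.0 (RA VPN session counter)
SESSIONS_OID = "1.3.6.1.4.1.9.9.392.1.3.35.0"
SYMBOLIC = "CISCO-REMOTE-ACCESS-MONITOR-MIB::crasSVCNumSessions.0"

# Accept the numeric types net-snmp may print; optional units may follow.
_VALUE = re.compile(r"^(?:Gauge32|Unsigned32|INTEGER|Counter32):\s*(\d+)\b")

def _normalize(name):
    """Reduce net-snmp's spellings of the OID to plain dotted form."""
    name = name.strip().replace(SYMBOLIC, SESSIONS_OID)
    name = name.replace("SNMPv2-SMI::enterprises.", "1.3.6.1.4.1.")
    if name.startswith("iso."):
        name = "1." + name[len("iso."):]
    return name.lstrip(".")

def classify(output):
    """Return (state, sessions) for one line of snmpget output or error."""
    text = output.strip()
    if text.startswith("Timeout:"):
        # No agent answered at all: routing, ACL or SNMP host settings.
        return ("unreachable", None)
    name, sep, value = text.partition(" = ")
    if not sep or _normalize(name) != SESSIONS_OID:
        return ("unexpected", None)
    if value.startswith("No Such Object"):
        # An agent answered but does not implement the MIB. Per the thread,
        # the LINA/ASA agent on the diagnostic interface is the one that does.
        return ("wrong_agent", None)
    if value.startswith("No Such Instance"):
        return ("no_instance", None)
    match = _VALUE.match(value)
    return ("ok", int(match.group(1))) if match else ("unexpected", None)

# Constructed sample lines (the second is the error quoted in the thread).
SAMPLES = [
    "SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = Gauge32: 17",
    "SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = "
    "No Such Object available on this agent at this OID",
    "Timeout: No Response from 192.0.2.10",
    "iso.3.6.1.4.1.9.9.392.1.3.35.0 = Gauge32: 0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```

Treating `wrong_agent` as its own state keeps a poller aimed at the wrong interface from being recorded as zero VPN sessions.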

If I understood correctly, I can use this OID for accounting of remote AnyConnect users? Is it possible to use it to see in Zabbix the accounts of users who are currently connected to AnyConnect?

Support varies by platform and version but you may be able to retrieve the usernames from here:

crasUsername 1.3.6.1.4.1.9.9.392.1.3.21.1.1

Reference:

http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&r=cisco&f=CISCO-REMOTE-ACCESS-MONITOR-MIB-V1SMI.my&v=v1&t=tree

Hi,

 

we just replaced our ASA with a FTD 2110 and FMC, so this is completely new for me. I just enabled Diagnostic Interface via FMC with an IP in the same Subnet as the FXOS Management IP. However, I cannot ping it and also SNMP cannot reach it. How can I setup a Default Route for the Diagnostic Interface?

 

Do I need to import a new MIB file to my Monitoring or can I just use the one I used for ASA?

Hi,

I understand your confusion. Try looking at this thread: https://community.cisco.com/t5/network-security/fp-diagnostic-interface-setting-up/td-p/4028172

Hello.

 

Good link, thanks.