Firepower Anyconnect VPN sessions SNMP monitoring

We're using an FTD 2100 with FMC and need to get the active RA VPN sessions counter over SNMP.

The information I've found is related to ASA and not suitable for FP.

Can anybody share useful FP OIDs or point to documentation links?

1 ACCEPTED SOLUTION

After enabling the diagnostic interface, it turned out we can use ASA-compatible SNMP MIBs.

crasSVCNumSessions = 1.3.6.1.4.1.9.9.392.1.3.35.0 is the counter of RA VPN sessions.

Thanks for the help; it was not so obvious from the documentation.

10 REPLIES

Have you tried the ASA OIDs?

Assuming you are SNMP polling the diagnostic interface (not enabled by default), it should be the LINA/ASA code that is responding to your system - not the FTD or FX-OS parts of the system.

You're welcome - you're right, the documentation falls a bit short in this area.

Is there something you need to enable on the FTD or in FXOS?  

I am trying to poll using that OID but all I get is:

SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = No Such Object available on this agent at this OID

Yes, you need to set up in FMC the IP for the diagnostic interface, which is hosted alongside the management interface, and do SNMP to that address.
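
The exchange above, turned into a monitoring check as an added example that is not part of the original thread: it separates the "No Such Object" reply (agent reached, but not the LINA/ASA one) from a numeric answer and from no answer at all. It assumes Net-SNMP's `snmpget`; the function names, the placeholder address and the community variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): classify a Net-SNMP snmpget reply for
# the RA VPN session counter so a monitoring job can tell "wrong agent" from
# "no answer". Function names are hypothetical.
OID_RAVPN_SESSIONS='1.3.6.1.4.1.9.9.392.1.3.35.0'   # crasSVCNumSessions, from the thread

# parse_ravpn_sessions REPLY
#   0: numeric reply, session count printed on stdout
#   2: agent answered but does not implement the OID (the "No Such Object"
#      reply quoted in the thread, i.e. not the LINA/ASA agent)
#   3: anything else (timeout text, empty reply, unrelated OID)
parse_ravpn_sessions() {
    reply=$1
    case $reply in
        *"392.1.3.35.0 = No Such Object"*|*"392.1.3.35.0 = No Such Instance"*)
            return 2 ;;
    esac
    # Matches "<oid> = Gauge32: 12"; the type name is not checked (assumption:
    # the agent returns an integer-like type for this counter).
    count=$(printf '%s\n' "$reply" |
        sed -n 's/^.*392\.1\.3\.35\.0 = [A-Za-z0-9]*: \([0-9][0-9]*\).*$/\1/p')
    [ -n "$count" ] || return 3
    printf '%s\n' "$count"
}

# poll_ravpn_sessions SNMPGET_OPTIONS... HOST
#   HOST is the FTD diagnostic-interface address; version/credential options
#   are passed straight through to snmpget.
poll_ravpn_sessions() {
    rc=0
    reply=$(snmpget -On "$@" "$OID_RAVPN_SESSIONS" 2>&1) || true
    parse_ravpn_sessions "$reply" || rc=$?
    case $rc in
        2) echo "OID not served here; poll the diagnostic interface address" >&2 ;;
        3) echo "no usable reply: $reply" >&2 ;;
    esac
    return "$rc"
}

# Example call (192.0.2.10 and the community variable are placeholders):
#   poll_ravpn_sessions -v2c -c "$SNMP_COMMUNITY" 192.0.2.10
```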

If I understood correctly, I can use this OID for accounting of remote AnyConnect users? Is it possible to use it to see in Zabbix the accounts of users who are currently connected to AnyConnect?

Support varies by platform and version but you may be able to retrieve the usernames from here:

crasUsername 1.3.6.1.4.1.9.9.392.1.3.21.1.1

Reference:

http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&r=cisco&f=CISCO-REMOTE-ACCESS-MONITOR-MIB-V1SMI.my&v=v1&t=tree

Hi,

We just replaced our ASA with an FTD 2110 and FMC, so this is completely new for me. I just enabled the Diagnostic Interface via FMC with an IP in the same subnet as the FXOS Management IP. However, I cannot ping it and SNMP cannot reach it either. How can I set up a default route for the Diagnostic Interface?

Do I need to import a new MIB file into my monitoring, or can I just use the one I used for ASA?

Hi,

I understand your confusion. Try to look at this thread: https://community.cisco.com/t5/network-security/fp-diagnostic-interface-setting-up/td-p/4028172

Hello.

Good link, thanks.
