Firepower Anyconnect VPN sessions SNMP monitoring

voipleo
Level 1

We're using FTD 2100 with FMC and need to get the active RA VPN sessions counter over SNMP.

Information I've found is related to ASA and not suitable for FP.

Can anybody share useful FP OIDs or point to documentation links?

Marvin Rhoads
Hall of Fame

Have you tried the ASA OIDs?

Assuming you are SNMP polling the diagnostic interface (not enabled by default), it should be the LINA/ASA code that is responding to your system - not the FTD or FX-OS parts of the system.

After enabling the diagnostic interface, it turned out we can use ASA-compatible SNMP MIBs.

crasSVCNumSessions = 1.3.6.1.4.1.9.9.392.1.3.35.0 is the counter of RA VPN sessions.

Thanks for help, it was not so obvious from documentation.

You're welcome - you're right the documentation falls a bit short in this area.

Is there something you need to enable on the FTD or in FXOS?  

I am trying to poll using that OID but all I get is:

SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = No Such Object available on this agent at this OID

Yes, you need to set up in FMC the IP for the diagnostic interface, which is hosted alongside the management interface, and do SNMP to that address.
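An added example, not part of the original thread: a POSIX shell helper that polls the crasSVCNumSessions OID quoted above and separates a real session count from the "No Such Object" answer reported in the thread. It assumes net-snmp's `snmpget` is installed and that SNMPv3 credentials are kept in `~/.snmp/snmp.conf`; the function names and exit codes are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and exit codes are hypothetical.
# crasSVCNumSessions, the OID quoted in the thread.
RA_VPN_SESSIONS_OID=".1.3.6.1.4.1.9.9.392.1.3.35.0"

# parse_ra_sessions LINE
#   0 + count on stdout : the agent returned a number for the OID
#   2 : the agent answered but does not serve the OID (the "No Such Object" case
#       from the thread; the fix given there is to poll the diagnostic interface)
#   3 : output is for another OID or is not numeric
parse_ra_sessions() {
    case "$1" in
        *"9.9.392.1.3.35.0 = "*) ;;
        *) echo "unexpected output: $1" >&2; return 3 ;;
    esac
    case "$1" in
        *"No Such Object"*|*"No Such Instance"*)
            echo "agent reachable, OID not served: check which interface is polled" >&2
            return 2 ;;
    esac
    # Accept any numeric SNMP type label (Gauge32, INTEGER, ...) before the value.
    count=$(printf '%s\n' "$1" | sed -n 's/^.* = [A-Za-z0-9]*: \([0-9][0-9]*\)$/\1/p')
    [ -n "$count" ] || { echo "non-numeric value: $1" >&2; return 3; }
    printf '%s\n' "$count"
}

# poll_ra_sessions HOST
# Assumption: SNMPv3 authPriv defaults (defVersion, defSecurityName, defSecurityLevel,
# defAuthPassphrase, defPrivPassphrase, ...) live in ~/.snmp/snmp.conf, mode 0600,
# so no credential appears in the process list or in the monitoring item definition.
poll_ra_sessions() {
    out=$(snmpget -On -t 2 -r 1 "$1" "$RA_VPN_SESSIONS_OID" 2>/dev/null) || true
    if [ -z "$out" ]; then
        echo "no SNMP response from $1" >&2
        return 1
    fi
    parse_ra_sessions "$out"
}
```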

If I understood correctly, I can use this OID for accounting of remote AnyConnect users? Is it possible to use it to see in Zabbix the accounts of users who are currently connected to AnyConnect?

Support varies by platform and version but you may be able to retrieve the usernames from here:

crasUsername 1.3.6.1.4.1.9.9.392.1.3.21.1.1

Reference:

http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&r=cisco&f=CISCO-REMOTE-ACCESS-MONITOR-MIB-V1SMI.my&v=v1&t=tree

Hi,

 

we just replaced our ASA with a FTD 2110 and FMC, so this is completely new for me. I just enabled Diagnostic Interface via FMC with an IP in the same Subnet as the FXOS Management IP. However, I cannot ping it and also SNMP cannot reach it. How can I setup a Default Route for the Diagnostic Interface?

 

Do I need to import a new MIB file to my Monitoring or can I just use the one I used for ASA?

Hello.

 

Good link, thanks.

Hi, please tell me how to do it in Zabbix and FTD?
