Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1153
Views
0
Helpful
0
Replies

MIB cikeGlobalActiveTunnels doesnt work for SPA Carrier-400

sthon-dbsys
Level 1
Level 1

‎03-10-2010 12:02 PM - edited ‎02-21-2020 03:53 AM

I tried to monitor the active ike and ipsec sessions via SNMP

I found these 2 oids

1. enterprises.cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseOne.cikeGlobalStats.cikeGlobalActiveTunnels.0 = Gauge32: 0
2. enterprises.cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecGlobalStats.cipSecGlobalActiveTunnels.0 = Gauge32: 0

therefor 2 questions:

1. the both oids only works on a 3825 not on a 65 with SPA Carrier Card !?

2. I am not really sure what is the result of cipSecGlobalActiveTunnels is ?

detailed show and snmpget


3825:
-----

CISCO3825#show inventory
NAME: "3825 chassis", DESCR: "3825 chassis"
PID: CISCO3825         , VID: V03 , SN: XXXXXXXX

CISCO3825#show crypto session | i Session
Session status: DOWN
Session status: UP-ACTIVE    
Session status: DOWN
Session status: UP-ACTIVE    
Session status: UP-NO-IKE
Session status: UP-ACTIVE    
Session status: UP-NO-IKE


snmpget -c SNMP CISCO3825 .1.3.6.1.4.1.9.9.171.1.2.1.1.0
CISCO-IPSEC-FLOW-MONITOR-MIB::cikeGlobalActiveTunnels.0 = Gauge32: 3   !!! <-- 3 for up and active

snmpget -c SNMP CISCO3825 .1.3.6.1.4.1.9.9.171.1.3.1.1.0
CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecGlobalActiveTunnels.0 = Gauge32: 6   !!!  <-- 6 for what ?


6500 with SPA Carrier-400
--------------------------

CISCO6500#show module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       XXXXXXXX
  4    0  2-subslot Services SPA Carrier-400     7600-SSC-400       XXXXXXXX

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0016.9de6.afc8 to 0016.9de6.afcb   5.7   8.5(2)       12.2(33)SXH3 Ok
  4  001e.13e3.8bc0 to 001e.13e3.8bff   2.0   12.2(33)SXH3 12.2(33)SXH3 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Policy Feature Card 3       WS-F6K-PFC3B       XXXXXXXX     2.4    Ok
  1  MSFC3 Daughterboard         WS-SUP720          XXXXXXXX     3.2    Ok
4/0 2 Gbps IPSec SPA            SPA-IPSEC-2G       XXXXXXXX     2.0    Ok


CISCO6500#show crypto session | i Session
Session status: UP-ACTIVE    
Session status: UP-ACTIVE    
Session status: UP-ACTIVE    


snmpget -c SNMP CISCO6500 .1.3.6.1.4.1.9.9.171.1.2.1.1.0
CISCO-IPSEC-FLOW-MONITOR-MIB::cikeGlobalActiveTunnels.0 = Gauge32: 0  !!! <-- 0 for up and active

snmpget -c SNMP CISCO6500 .1.3.6.1.4.1.9.9.171.1.3.1.1.0
CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecGlobalActiveTunnels.0 = Gauge32: 0  !!! <-- 0

so anyone has a idea or a oid to monitor the active ipsec and ike session on a SPA carrier-400  ?

thx

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card