View individual connections by IP on ASA using a MIB

kennethphillips · ‎05-06-2013

I would like to see embryonic connections of some IP's but Id like to do this with SNMP and I´m looking for a MIB for this. I see the embryonic connections with the command "show local-host x.x.x.x" but Id like to do this with a MIB in SNMP.

sokakkar · ‎05-06-2013

Hello Kenneth,

I looked through various docs and here is what I found:

We can collect the statistics for total number of connections through the box, which is the output of "show connection count" using the following OID: SNMP OID: .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 However, Ithere is no such OID which tracks the statistics you are looking for.

Here is the reference link for SNMP on ASA and the MIBs supported:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/monitor_snmp.html

Per above document 8.4(1) onwards ASA supports connection-limit reached trap notifications, MIB's available on site. Here is the link from where we can download the MIBs supported by ASA: ftp://ftp-sj.cisco.com/pub/mibs/supportlists/asa/asa-supportlist.html If you wish to be alerted when embryonic connection limit reaches, you can set email alerts to do that.
Whenever such limit exceeds, the firewall generates the following syslog:

Error Message    %ASA-4-407002: Embryonic limit nconns/elimit for through connections 
exceeded.outside_address/outside_port to global_address 
(inside_address)/inside_port on interface interface_name

http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4773060

Setting email notifications such that whenever this sylog is generated, an email is sent across. Here is how we can do it: /----------------------------------Begin Output--------------------------------/ config t logging list test message 407002 logging mail test logging from-address ASA@example.com logging recipient-address admin@example.com smtp-server

/------------------------------------End Output--------------------------------/

HTH.

-
Sourav