cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
23040
Views
11
Helpful
10
Replies

ASA SSL SNMP OID's

I'm monitoring our Cisco ASA via SNMP.

So far I found :

- Total number of RAS sessions : 1.3.6.1.4.1.9.9.392.1.3.1.0

- Number of IPSec VPN tunnels : 1.3.6.1.4.1.9.9.171.1.3.1.1.0

- Total number of SSL Sessions : 1.3.6.1.4.1.3076.2.1.2.26.1.2.0

I'm looking for these OID's :

- Number of SSL Sessions via the Anyconnect VPN client (SSL VPN)

- Number of Clientless SSL sessions

Thanks in advance

10 Replies 10

Ivan Martinon
Level 7
Level 7

see if these one works for you:

SSL Stats are in ALTIGA-SSL-STATS-MIB. You are looking for alSslStatsActiveSessions.

snmpwalk -c -v -OS .1.3.6.1.4.1.3076.2.1.2.26.1

http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=ALTIGA-GLOBAL-REG#

Hi community,

Knowing that this post is 8 years old, is it still possible to get a response on it or should i open a new thread?

I am wondering if anyone managed to come up with a solution to monitor seperately active and inactive sessions on an asa 5525. there only seems to be one oid for combining the sessions. Currently we are looking at the total sessions for atm anyconnect but want to see it split.

Regards,

Dino

Anyone ?

Help would be very much appreciated

Did you check my last post? was it not useful?

Hi, thanks for the reply but I already found the MIB containing the "Total number of SSL Sessions" : 1.3.6.1.4.1.3076.2.1.2.26.1.2.0 ".

I'm looking for separate SSL connection OID's :

- Number of SSL Sessions via the Anyconnect VPN client (SSL VPN)

- Number of Clientless SSL sessions

sergiu_dunca
Level 1
Level 1

I have found some resources here, might be helpful for you:

http://www.mibdepot.com/cgi-bin/getmib3.cgi?i=1&n=CISCO-REMOTE-ACCESS-MONITOR-MIB&r=cisco&f=CISCO-REMOTE-ACCESS-MONITOR-MIB.my&v=v2&t=tree

crasSVCNumSessions 1.3.6.1.4.1.9.9.392.1.3.35.0

crasWebvpnNumSessions 1.3.6.1.4.1.9.9.392.1.3.38.0

networkops11
Level 1
Level 1

Below are some useful OIDs

 

to get IP of connected active users 1.3.6.1.4.1.9.9.392.1.3.21.1.8
Number of maximum users can be connected 1.3.6.1.4.1.9.9.467.1.1.5
Number of IPsec client connected .1.3.6.1.4.1.9.9.392.1.3.26
Number of current anyconnect client connected .1.3.6.1.4.1.3076.2.1.2.26.1.2.0

Would love to know the OIDs that relate to each of these values, particularly each type of AnyConnect user.

 

---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
Active : Cumulative : Peak Concur : Inactive
----------------------------------------------
AnyConnect Client : 43 : 17172 : 96 : 1
SSL/TLS/DTLS : 6 : 3295 : 21 : 0
IKEv2 IPsec : 37 : 13877 : 82 : 1
Clientless VPN : 1 : 17837 : 47
Browser : 1 : 17837 : 47
IKEv1 IPsec/L2TP IPsec : 23 : 3336 : 29
Site-to-Site VPN : 20 : 1200779 : 28
IKEv2 IPsec : 4 : 2013 : 7
IKEv1 IPsec : 16 : 1198766 : 24
---------------------------------------------------------------------------
Total Active and Inactive : 88 Total Cumulative : 1239124
Device Total VPN Capacity : 750
Device Load : 12%
---------------------------------------------------------------------------

I have the same problem, did you manage to get the OID? please share.

Thank you!

vpnttg001
Level 1
Level 1

Hello,

Check out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP monitoring and measuring the traffic load for IPsec  (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN  tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN  tunnel over time in graphical form.

Advantage of VPNTTG over other SNMP based monitoring software's is  following: Other (commonly used) software's are working with static OID  numbers, i.e. whenever tunnel disconnects and reconnects, it gets  assigned a new OID number. This means that the historical data, gathered  on the connection, is lost each time. However, VPNTTG works with VPN  peer's IP address and it stores for each VPN tunnel historical  monitoring data into the Database.

For more information about VPNTTG please visit www.vpnttg.com

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: