Firepower VPN local IP Pool usage

raymng
Level 1

Hi there,

I want to know the IP pool usages on the Firepower for Remote Access VPN users.

From the CLI (via system support diagnostic-cli), I can do:

show ip local pool [pool name]


The 'ask' is if there is other ways to get this info?

Does this info available in the FMC web UI?

How about doing custom SNMP polling?  Is there a MIB for this?

Any suggestions?

Thanks.

6 Replies

@raymng hi, as per the thread below it's a bit complicated and it recommends using the CLI. I am not sure about FMC. Also, on newer devices you can use the Python libraries to get the CLI output, or use a tool like Ansible.

https://community.cisco.com/t5/network-management/snmp-dhcp/td-p/2946589

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Thanks Kasun. Guess the answer is a no, that you are not aware of any easy solution to monitor how many IPs in the local IP pool have been allocated.

Hi there,

Unfortunately we don't use DHCP services, but use a local IP pool built on the Firepower to provide IP assignment to AnyConnect users.

The current command "show ip local pool" gives us what we need (how many IPs are allocated, and how many are still available).

The wish is for this info to be visible via the FMC web UI, and/or to be collected over time so we can better manage the IP pool size. In the ASA world, I wrote an expect script to collect the info and inject it into Splunk for graphing and alerting (when low in available IPs). Now I just want to see if there is an easier way in the FMC/FTD world.

Thanks anyway.
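Along the lines of the expect-script-plus-Splunk approach described above, here is an added example (not code from this thread or from Cisco) of a Python parser for the `show ip local pool` summary line, with a low-free-addresses check and a key=value event for a collector. It assumes the output has already been captured over SSH through `system support diagnostic-cli` and that the column layout matches the constructed sample below.

```python
import re
from typing import NamedTuple

# Constructed sample in the shape of `show ip local pool <name>` output from the
# FTD diagnostic CLI (column layout assumed); the live device output is the truth.
SAMPLE_OUTPUT = """\
Begin           End             Mask            Free     Held     In use
10.10.20.1      10.10.20.254    255.255.255.0   252      0        2
In Use Addresses:
10.10.20.1
10.10.20.2
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Summary line: begin, end, mask, then the three counters worth trending.
SUMMARY_RE = re.compile(
    rf"^(?P<begin>{IPV4})\s+(?P<end>{IPV4})\s+{IPV4}\s+"
    r"(?P<free>\d+)\s+(?P<held>\d+)\s+(?P<in_use>\d+)\s*$", re.MULTILINE)

class PoolUsage(NamedTuple):
    begin: str
    end: str
    free: int
    held: int
    in_use: int

    @property
    def size(self) -> int:
        return self.free + self.held + self.in_use

    @property
    def used_pct(self) -> float:
        # A held address cannot be handed to a new client either, so count it as used.
        return round(100.0 * (self.held + self.in_use) / self.size, 1) if self.size else 0.0

def parse_pool(output: str) -> PoolUsage:
    """Extract the counters from one `show ip local pool <name>` capture."""
    m = SUMMARY_RE.search(output)
    if m is None:
        raise ValueError("pool summary line not found; check the pool name or output")
    return PoolUsage(m["begin"], m["end"], int(m["free"]), int(m["held"]), int(m["in_use"]))

def low_free_alert(usage: PoolUsage, min_free: int = 20) -> bool:
    return usage.free < min_free  # the "low in available IP" alerting condition

def splunk_event(pool: str, usage: PoolUsage) -> str:
    """One key=value line per poll, easy to index in Splunk and chart over time."""
    return (f"pool={pool} begin={usage.begin} end={usage.end} size={usage.size} "
            f"free={usage.free} held={usage.held} in_use={usage.in_use} "
            f"used_pct={usage.used_pct} alert={str(low_free_alert(usage)).lower()}")
```

Run it once per poll against the captured output and forward the returned line; the `min_free` threshold is the knob to tune to your pool size.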

firepower# show dhcpd statistics
firepower# show dhcpd binding

Do the above two commands not help you?

MHM

Cristian Matei
VIP Alumni

Hi,

I'm not aware of such monitoring being available from the FMC GUI. However, although not exactly what you're looking for, one option is to look in this document, find the syslog message that gets generated when the IP local pool is exhausted, and configure FMC to match on that syslog message and alert you. https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs-sev-level.html

A better alternative is also to configure a large enough pool to avoid running into problems here; at the end of the day private IPs are free, it's not like you have to pay for them.

Best,

Cristian.