DX NetOps

  • 1.  CAPM Cisco Anyconnect vpn monitoring

    Posted Jun 08, 2018 06:46 PM

    I asked this on the spectrum side too, so here goes

     

    "help anyone.

     

    ciscoCryptoAcceleratorMIB oid 1.3.6.1.4.1.9.9.467

    within that is:

    ccaMaxCryptoConnections 1.3.6.1.4.1.9.9.467.1.1.5

    the firewall has a max connections of 5000.

    I cannot find anything within this MIB or other Cisco MIBs that will show the current number of SSL VPN users connected.

    I want to be able to monitor the # of connected users and alert once it gets close to 5k users.

     

    Has anyone done this or have any idea/example on how to do this?? "

     

    Anyone have any idea if this can be done in CAPM?



  • 2.  Re: CAPM Cisco Anyconnect vpn monitoring
    Best Answer

    Broadcom Employee
    Posted Jun 11, 2018 10:46 AM

    Dick,

     

    I think it may be best to reach out to Cisco on this one and find out if they have an OID or a combination of OIDs that can be gathered to display the current amount of connections.  I took a look at the MIB at the below site as I do not have access directly to Cisco MIBs:

     

    https://github.com/simonjj/SnmpMibs/blob/master/CISCO-CRYPTO-ACCELERATOR-MIB.mib

     

    I was not able to find anything that makes it easy to say "yes, this one", but these two seem to be the only ones with potential, though they are counters and not gauges:

     

    ccaAcclOutboundSSLRecords OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The number of combined outbound hash/encrypt SSL
            records processed by this module, counted since the
            last time this module assumed 'active' status."
        ::= { ccaAcceleratorEntry 37 }

     

    ccaAcclInboundSSLRecords OBJECT-TYPE
        SYNTAX      Counter64
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The number of combined inbound hash/encrypt SSL
            records processed by this module, counted since the
            last time this module assumed 'active' status."
        ::= { ccaAcceleratorEntry 38 }

     

    If Cisco cannot provide an existing OID to provide this functionality, then unfortunately it is not something either PM or Spectrum could come up with.  If they can come up with OID(s) that can be used and PM does not currently have support for them, we could do a certification request to get support for them introduced into the product.  For more information on a certification request, please see this KB Article:

     

    Unable to discover a new device in CAPC - CA Knowledge 

     

    Troy
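
The counter-versus-gauge point in the answer above, as an added example that is not part of the original thread or of any CA/Broadcom product: it turns successive polls of a Counter64 such as ccaAcclInboundSSLRecords into per-interval rates and flags the restart that the MIB description implies when the module re-assumes 'active' status. The poll values, the 300-second interval and the `max_plausible_rate` cutoff are constructed assumptions.

```python
from dataclasses import dataclass

COUNTER64_MOD = 2 ** 64


@dataclass
class Sample:
    ts: float   # poll time in seconds
    value: int  # raw Counter64 reading, e.g. ccaAcclInboundSSLRecords


def rates(samples, max_plausible_rate=1e7):
    """Return (interval_end_ts, records_per_second or None) per poll interval.

    None marks a discontinuity: the counter went backwards and treating it
    as a 64-bit wrap would imply an implausible rate, so the count is
    assumed to have restarted (module re-assumed 'active' status).
    """
    out = []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.ts - prev.ts
        if dt <= 0:                      # duplicate or out-of-order poll
            out.append((cur.ts, None))
            continue
        delta = cur.value - prev.value
        if delta < 0:
            wrapped = delta + COUNTER64_MOD
            if wrapped / dt > max_plausible_rate:
                out.append((cur.ts, None))   # restart, not a wrap
                continue
            delta = wrapped                  # genuine Counter64 wrap
        out.append((cur.ts, delta / dt))
    return out


# Constructed polls: steady traffic, a restart at t=900, then steady again.
POLLS = [Sample(0.0, 1_000_000), Sample(300.0, 1_600_000),
         Sample(600.0, 2_200_000), Sample(900.0, 50_000),
         Sample(1200.0, 650_000)]

# Constructed polls straddling a real 64-bit wrap.
WRAP = [Sample(0.0, COUNTER64_MOD - 1000), Sample(300.0, 2000)]

if __name__ == "__main__":
    for ts, rate in rates(POLLS) + rates(WRAP):
        print(ts, "discontinuity" if rate is None else f"{rate:.1f} rec/s")
```

The result is a throughput figure only: the same records-per-second rate fits a few busy sessions or thousands of idle ones, so it cannot drive an alert against the 5000-connection limit.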