DX NetOps


Cisco ASA Anyconnect vpn monitoring

  • 1.  Cisco ASA Anyconnect vpn monitoring

    Posted 06-08-2018 06:38 PM

    help anyone.

     

    ciscoCryptoAcceleratorMIB oid 1.3.6.1.4.1.9.9.467

    within that is:

    ccaMaxCryptoConnections 1.3.6.1.4.1.9.9.467.1.1.5

    the firewall has a max connections of 5000.

    I cannot find anything within this MIB or other Cisco MIBs that will show the current number of sslvpn users connected.

    I want to be able to monitor the # of connected users and alert once it gets close to 5k users.

     

    Has anyone done this or have any idea/example on how to do this??



  • 2.  Re: Cisco ASA Anyconnect vpn monitoring

    Posted 06-11-2018 03:40 AM

    Maybe you should ask for a response on the Cisco side. It is related to a Cisco device. Maybe they know better what's the OID that you need.



  • 3.  Re: Cisco ASA Anyconnect vpn monitoring

    Posted 06-11-2018 05:25 AM

    Hi oldshield,

     

    just doing an online search ("cisco anyconnect snmp number of sessions") might reveal useful information, e.g.:

    ASA SSL SNMP OID's - Cisco Support Community 

     

    regards,

    Raphael



  • 4.  Re: Cisco ASA Anyconnect vpn monitoring

    Posted 06-11-2018 02:34 PM

    Could this be it?

     

    ccaGlobalNumActiveAccelerators OBJECT-TYPE
    SYNTAX CAModuleCount (0 .. 4294967295)
    ACCESS read-only
    STATUS current

    DESCRIPTION
    "The number of crypto accelerators which are in state
    'active'."
    ::= { ccaGlobalStats 1 }

    -- 1.3.6.1.4.1.9.9.467.1.2.1.1



  • 5.  Re: Cisco ASA Anyconnect vpn monitoring

    Posted 06-12-2018 03:31 AM

    Hi,

    Was wondering if I could get SSL VPN stats from our Cisco5520 Firewall? I would like to be able to report on trending for the last 6 months such as: the amount of people logged and showing how long they are logged in, amount of traffic and what kind of traffic?

     

    Is this possible and would I have to enable Netflow on the ASA Firewall.

     

    I also have a CISCO SPA122 for an IP Phone. My ISP keeps cutting me off. I would like to tunnel out using a VPN. Can I config my Cisco SPA122 with Pure VPN but they replied me that "We only have PPTP tutorial for Mikrotik however, if you can send us screenshots of your Router’s wan settings at help@purevpn.com then we may send you setup instructions."



  • 6.  Re: Cisco ASA Anyconnect vpn monitoring
    Best Answer

    Posted 06-13-2018 10:33 AM

    Hi Patrick,

     

    Your first question is more of a vendor question:

     

    Was wondering if I could get SSL VPN stats from our Cisco5520 Firewall?

     

    You can download and compile the CISCO-REMOTE-ACCESS-MONITOR-MIB from Cisco then see if OID  1.3.6.1.4.1.9.9.392.1.3.35.0 from mibtools populates values.

    crasSVCNumSessions OBJECT-TYPE

     

    -- Units 
    -- Sessions 
    -- 1.3.6.1.4.1.9.9.392.1.3.35.0
    -- iso(1). org(3). dod(6). internet(1). private(4). enterprises(1). cisco(9). ciscoMgmt(9). ciscoRemoteAccessMonitorMIB(392). ciscoRasMonitorMIBObjects(1). crasActivity(3). crasSVCNumSessions(35). 0
     SYNTAX Gauge
     ACCESS read-only
     DESCRIPTION     
     "The number of currently active SVC sessions."
    ::= { crasActivity 35  }

     

    This will give you the active number of Sessions, there may be some more mibobjects in this mib that you can see depending upon what you are interested in.

     

    Your second question:

     

    Is this possible and would I have to enable Netflow on the ASA Firewall.

     

    Netflow isn't supported on Spectrum directly as it is supported previously on eHealth and now Performance Manager, so even if you could enable it, there isn't a lot you can do with the information in Spectrum unless you wanted to import the Netflow mib and create OneClick tables for each view you would like to see.

     

    I hope this helps a bit.

     

    Best regards,

    Glenn
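
An added example, not part of the original thread and not Spectrum or Cisco code: one way to turn the crasSVCNumSessions OID from the answer above into the "close to 5k users" alert the original question asks for. It assumes Net-SNMP's `snmpget` is installed for live polling; the function names and the 80%/95% thresholds are hypothetical choices, and the sample lines are constructed.

```python
import re
import subprocess

OID = "1.3.6.1.4.1.9.9.392.1.3.35.0"   # crasSVCNumSessions, from the answer above
MAX_SESSIONS = 5000                     # limit stated in the original question

# Numeric OID output from Net-SNMP looks like "... = Gauge32: 4312".
_VALUE = re.compile(r"=\s*(?:Gauge32|Unsigned32|INTEGER):\s*(\d+)\s*$")

def parse_sessions(line):
    """Return the session count from one snmpget output line, else None."""
    m = _VALUE.search(line.strip())
    return int(m.group(1)) if m else None

def classify(sessions, limit=MAX_SESSIONS, warn=0.80, crit=0.95):
    """Grade a count against the limit; warn/crit ratios are assumed values."""
    if sessions is None:
        return "UNKNOWN"   # OID not populated: never report this as 0 users
    ratio = sessions / limit
    if ratio >= crit:
        return "CRITICAL"
    return "WARNING" if ratio >= warn else "OK"

def poll(host, community):
    """Live query via Net-SNMP's snmpget; returns None on any failure."""
    try:
        out = subprocess.run(
            ["snmpget", "-v2c", "-c", community, host, OID],
            capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.TimeoutExpired):
        return None
    return parse_sessions(out)

# Constructed sample output lines so the logic runs without a device.
SAMPLES = [
    "SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = Gauge32: 1200",
    "SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = Gauge32: 4312",
    "SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = Gauge32: 4800",
    "SNMPv2-SMI::enterprises.9.9.392.1.3.35.0 = No Such Object available on this agent at this OID",
]

if __name__ == "__main__":
    for line in SAMPLES:
        n = parse_sessions(line)
        print(f"{classify(n):<8} sessions={n}")
```

The UNKNOWN state covers the case the answer raises, where the OID may not populate on a given device, so a missing value is not mistaken for zero connected users.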