DX NetOps

Hi Guys

We urgently need assistance with monitoring and reporting on SSL VPN Sessions and VPN IP Pool Utilization on a Cisco ASA 9.6(4)12 firewall. 

This FW is monitored with eHealth, Spectrum and UIM via SNMP but with eHealth EOSL we are looking to see if we can get this done via UIM for reporting

Has anyone done this before, if yes how does one go about implementing it.

Regards
David

------------------------------
Ops Specialist: Enterprise Systems Management
BCX
Gauteng South Africa
------------------------------

Hi David,

Hard to say without knowing what specific ASA model is involved. The Certs supported by a given device model, and the metrics that could be reported on, are listed per device here on the Certification listing page.

http://serviceassurance.broadcom.com/im/

For example if I look at an ASA 5550 model device (just picking a random one in the middle of the certified ones) we see Certifications like the following that could be supported. One of them would likely have a metric that provides the target data.

Would need to...

• Add those Metric Families to an existing or newly created Monitoring Profile
• Add target devices to an existing or newly created Collection Group
• Associate the Monitoring Profile with the Collection

That would start the discovery attempt of the items to gather those metrics.

Hope that helps.

Thanks,
Mike

------------------------------
Technical Support Engineer IV
Broadcom
------------------------------

Original Message:
Sent: 03-31-2020 01:25 PM
From: Tshwantshi David Tsatsi
Subject: Monitor SSL VPN Sessions and VPN IP Pool Utilization

Hi Guys

We urgently need assistance with monitoring and reporting on SSL VPN Sessions and VPN IP Pool Utilization on a Cisco ASA 9.6(4)12 firewall.

This FW is monitored with eHealth, Spectrum and UIM via SNMP but with eHealth EOSL we are looking to see if we can get this done via UIM for reporting

Has anyone done this before, if yes how does one go about implementing it.

Regards
David

------------------------------
Ops Specialist: Enterprise Systems Management
BCX
Gauteng South Africa
------------------------------

If the device is discovered and supported in eHealth, you can extend an existing element type with the variable that you require. The procedure is described in the eHealth documentation. I did it several times. The only thing that looked to complicated for me, as I did not have the time to check it, was the discovery process and creation of new elements based on the extension of eHealth. I did opt however for creating elements based on custom created DCI fields that are loaded into the poller using nhConfig.

------------------------------
Senior Consultant
SolvIT Networks
------------------------------

Original Message:
Sent: 03-31-2020 01:25 PM
From: Tshwantshi David Tsatsi
Subject: Monitor SSL VPN Sessions and VPN IP Pool Utilization

Hi Guys

We urgently need assistance with monitoring and reporting on SSL VPN Sessions and VPN IP Pool Utilization on a Cisco ASA 9.6(4)12 firewall.

This FW is monitored with eHealth, Spectrum and UIM via SNMP but with eHealth EOSL we are looking to see if we can get this done via UIM for reporting

Has anyone done this before, if yes how does one go about implementing it.

Regards
David

------------------------------
Ops Specialist: Enterprise Systems Management
BCX
Gauteng South Africa
------------------------------

Hi Catalin

Would you be able to share the documentation where this is discussed?

Regards
David

------------------------------
Ops Specialist: Enterprise Systems Management
BCX
Gauteng South Africa
------------------------------

Original Message:
Sent: 04-01-2020 02:37 AM
From: Catalin Farcasanu
Subject: Monitor SSL VPN Sessions and VPN IP Pool Utilization

If the device is discovered and supported in eHealth, you can extend an existing element type with the variable that you require. The procedure is described in the eHealth documentation. I did it several times. The only thing that looked to complicated for me, as I did not have the time to check it, was the discovery process and creation of new elements based on the extension of eHealth. I did opt however for creating elements based on custom created DCI fields that are loaded into the poller using nhConfig.

------------------------------
Senior Consultant
SolvIT Networks

Original Message:
Sent: 03-31-2020 01:25 PM
From: Tshwantshi David Tsatsi
Subject: Monitor SSL VPN Sessions and VPN IP Pool Utilization

Hi Guys

We urgently need assistance with monitoring and reporting on SSL VPN Sessions and VPN IP Pool Utilization on a Cisco ASA 9.6(4)12 firewall.

This FW is monitored with eHealth, Spectrum and UIM via SNMP but with eHealth EOSL we are looking to see if we can get this done via UIM for reporting

Has anyone done this before, if yes how does one go about implementing it.

Regards
David

------------------------------
Ops Specialist: Enterprise Systems Management
BCX
Gauteng South Africa
------------------------------

Latest eHealth documentation is available here. I think 6.3.3.01 would the last one. There 2 documents to check: Customizing Variables Administration Guide (ehealth_customvariables_admin_enu.pdf) and Data Integration Guide (ehealth_data_integration_enu.pdf). These two should provide the full picture on trying to extend the monitoring capabilities of eHealth.

One describes the import module (create DCI with elements and DDI with data) and the other the way to extend existing element variables, columns and element types in the end. You'll find some examples also in those documents. Quite detailed documents, thow. Use the search function of your PDF viewer.

------------------------------
Senior Consultant
SolvIT Networks
------------------------------

Original Message:
Sent: 04-02-2020 06:24 PM
From: Tshwantshi David Tsatsi
Subject: Monitor SSL VPN Sessions and VPN IP Pool Utilization

Hi Catalin

Would you be able to share the documentation where this is discussed?

Regards
David

------------------------------
Ops Specialist: Enterprise Systems Management
BCX
Gauteng South Africa

Original Message:
Sent: 04-01-2020 02:37 AM
From: Catalin Farcasanu
Subject: Monitor SSL VPN Sessions and VPN IP Pool Utilization

If the device is discovered and supported in eHealth, you can extend an existing element type with the variable that you require. The procedure is described in the eHealth documentation. I did it several times. The only thing that looked to complicated for me, as I did not have the time to check it, was the discovery process and creation of new elements based on the extension of eHealth. I did opt however for creating elements based on custom created DCI fields that are loaded into the poller using nhConfig.

------------------------------
Senior Consultant
SolvIT Networks

Original Message:
Sent: 03-31-2020 01:25 PM
From: Tshwantshi David Tsatsi
Subject: Monitor SSL VPN Sessions and VPN IP Pool Utilization

Hi Guys

We urgently need assistance with monitoring and reporting on SSL VPN Sessions and VPN IP Pool Utilization on a Cisco ASA 9.6(4)12 firewall.

This FW is monitored with eHealth, Spectrum and UIM via SNMP but with eHealth EOSL we are looking to see if we can get this done via UIM for reporting

Has anyone done this before, if yes how does one go about implementing it.

Regards
David

------------------------------
Ops Specialist: Enterprise Systems Management
BCX
Gauteng South Africa
------------------------------