Question about ASA IPSEC peer monitoring
Sascha E. Pollok
sp at iphh.net
Thu Nov 4 06:32:49 EDT 2021
Okay I think I solved this one myself.
> I am querying a Cisco ASA with SNMP for IPSEC peers. I am using
> 1.3.6.1.4.1.9.9.171.1.2.3.1.7 from CISCO-IPSEC-FLOW-MONITOR-MIB which shows all peer
> addresses. However, one is missing. And the only difference I find is that this one is
> using NAT-T. Is anyone aware of a limitation in this MIB and where I could find that
> peer instead?
>
> ASA is running 9.8(4)32.
For the IPSEC/NAT-T peer, I was able to find the peer in
CISCO-REMOTE-ACCESS-MONITOR-MIB with a peer ID that is offset +1 from the remaining
information about that peer in CISCO-IPSEC-FLOW-MONITOR-MIB, with an RFC1918 IP as Peer IP
that doesn't match anything in the config. However, the corresponding values (e.g. for
authMethod) in CISCO-IPSEC-FLOW-MONITOR-MIB do not really make sense, but I can ignore that
for now.
Does what I have found make sense? Anyone care to comment?
Thank you!
Sascha