Solved

SNMP OID for a Cisco ASA Firewall for Interfaces defined as "inside" and "outside"

Posted on 2010-09-10
7
3,050 Views
Last Modified: 2012-05-10
Question: I am trying to extract SNMP stats for interfaces on a CISCO PIX. I have the OID for the Interface description but this does not contain any stats for traffic.

What is the OID for the physical interfaces showing traffic throughput - mainly for "inside" and "outside"?
I have been returned the answer below but as it says this is only
a description. What is the OID for actual traffic in/out of the interfaces?
OID for "INSIDE"
1.3.6.1.2.1.2.2.1.2
Instance:  2
Label:  iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
0
Question by:ccfcfc
7 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 33650968
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33650981
You should be able to monitor with MRTG - it will extract the OIDs for you and track bandwidth/throughput over time
0
 

Author Comment

by:ccfcfc
ID: 33660401
Yes, those OIDs returned are exactly as I said, a description; they don't contain any values I can use in a formula to calculate traffic on the 2 interfaces "outside" and "inside".

What is MRTG? I can walk the whole MIB with a MIB Walker but I need to know the MIB values for both interfaces. Any monitoring application will need to know what MIB you want to report on, surely?


0

 
LVL 28

Expert Comment

by:bgoering
ID: 33662513
MRTG is a free application that monitors traffic throughput through interfaces. See http://oss.oetiker.ch/mrtg/

For the PIX/ASA this document (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml) has a description of most of what can be monitored including links to the MIB information.

Note that SNMPv1 will return 32 bit counters - these will roll over fairly frequently in a high traffic environment so you may want to use SNMPv2 to get the 64-bit counters.

Good Luck
0
 

Author Comment

by:ccfcfc
ID: 33671547
MRTG - thanks for the link to this. Looks very interesting indeed. What are the restrictions, if any, for reporting on this? Any on reporting frequency, alerting?

I can walk an SNMP MIB and extract all information. What I am looking for is the OID that contains information concerning data volumes through interfaces. I was provided with an OID that is :-
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
But as it says this is solely a description and does not contain any value I can use to graph
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 33672850
There are no restrictions for MRTG - I would set it up, let it add the ASA device (there is a perl script called cfgmaker to do that) and see what it comes up with for sampling the throughput.

When it runs it creates some graphs and statistics for utilization over daily (5 minute averages), weekly (30 minute averages), Monthly (2 hour), and Yearly (1 day). See Screenshot

It saves the samples in text files that I suppose you could run any type of application to report from.

I have not tried to run it directly against a PIX or ASA - but I do run it extensively against routers and switches in order to determine throughput - so if for some reason it won't work against your firewall you could always run it against the switch port the firewall is plugged into. Should work fine except that the input/output numbers would be reversed.

As far as the various counters you might look at iso.org.dod.internet.mgmt.mib-2.interfaces.  

interfaces.ifTable.ifEntry.ifInOctets.#
interfaces.ifTable.ifEntry.ifInUcastPkts.#
interfaces.ifTable.ifEntry.ifInNUcastPkts.#
interfaces.ifTable.ifEntry.ifInDiscards.#
interfaces.ifTable.ifEntry.ifInErrors.#
interfaces.ifTable.ifEntry.ifOutOctets.#
interfaces.ifTable.ifEntry.ifOutUcastPkts.#
interfaces.ifTable.ifEntry.ifOutNUcastPkts.#
interfaces.ifTable.ifEntry.ifOutDiscards.#
interfaces.ifTable.ifEntry.ifOutErrors.#

Where '#' is the interface number


mrtg-sample.jpg
0
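An added example (not part of the original thread, and not MRTG's code) showing how the ifInOctets/ifOutOctets counters listed in the accepted answer become throughput figures: it maps ifDescr to the interface index, then computes bits per second from two polls, absorbing the 32-bit rollover mentioned earlier in the thread. The walk output, counter values, interface descriptions, 300-second interval and function names are constructed for illustration.

```python
import re

IF_DESCR = "1.3.6.1.2.1.2.2.1.2"        # ifDescr (the OID from the question)
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"   # ifInOctets, 32-bit counter
IF_OUT_OCTETS = "1.3.6.1.2.1.2.2.1.16"  # ifOutOctets, 32-bit counter

# Constructed numeric walk output from two polls; not from a real device.
POLL_T0 = """\
.1.3.6.1.2.1.2.2.1.2.1 = STRING: "Adaptive Security Appliance 'outside' interface"
.1.3.6.1.2.1.2.2.1.2.2 = STRING: "Adaptive Security Appliance 'inside' interface"
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 4294960000
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 1000000
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 500000
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 2000000
"""
POLL_T1 = """\
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 7492704
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 1375000
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 1250000
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 9500000
"""
LINE = re.compile(r'^\.?([\d.]+)\.(\d+) = \w+: "?([^"]*)"?$')

def parse_walk(text):
    """Return {column_oid: {ifIndex: value}} from numeric walk output."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table.setdefault(m.group(1), {})[int(m.group(2))] = m.group(3)
    return table

def if_index(table, name):
    """Find the ifIndex whose ifDescr mentions the interface name."""
    for idx, descr in table[IF_DESCR].items():
        if name.lower() in descr.lower():
            return idx
    raise KeyError(name)

def rate_bps(old, new, seconds, bits=32):
    """Bits/second between two samples; the modulo absorbs one rollover.
    Use bits=64 for the 64-bit ifHCInOctets/ifHCOutOctets counters."""
    return ((new - old) % (1 << bits)) * 8 / seconds

def throughput(t0, t1, name, seconds):
    a, b = parse_walk(t0), parse_walk(t1)
    idx = if_index(a, name)
    bps = lambda col: rate_bps(int(a[col][idx]), int(b[col][idx]), seconds)
    return {"ifIndex": idx, "in_bps": bps(IF_IN_OCTETS), "out_bps": bps(IF_OUT_OCTETS)}
```

The modulo only recovers a single wrap, so the polling interval has to be shorter than the time a 32-bit counter takes to roll over at line rate.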
 
LVL 28

Expert Comment

by:bgoering
ID: 33672866
whoops - had an extra "interfaces." keyword above, I really should proofread
0
