• Status: Solved

SNMP OID for a Cisco ASA Firewall for Interfaces defined as "inside" and "outside"

Question: I am trying to extract SNMP stats for interfaces on a Cisco PIX. I have the OID for the interface description, but this does not contain any stats for traffic.

What is the OID for the physical interfaces showing traffic throughput, mainly for "inside" and "outside"?
I have been returned the answer below, but as it says, this is only a description. What is the OID for actual traffic in/out of the interfaces?
Instance:  2
Label:  iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
1 Solution
You should be able to monitor with MRTG - it will extract the OIDs for you and track bandwidth/throughput over time
ccfcfc (Author) Commented:
Yes, those OIDs returned are exactly as I said, a description; they don't contain any values I can use in a formula to calculate traffic on the 2 interfaces "outside" and "inside".

What is MRTG? I can walk the whole MIB with a MIB walker, but I need to know the MIB values for both interfaces. Any monitoring application will need to know what MIB you want to report on, surely?


MRTG is a free application that monitors traffic throughput through interfaces. See http://oss.oetiker.ch/mrtg/

For the PIX/ASA this document (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml) has a description of most of what can be monitored including links to the MIB information.

Note that SNMPv1 will return 32 bit counters - these will roll over fairly frequently in a high traffic environment so you may want to use SNMPv2 to get the 64-bit counters.

Good Luck
ccfcfc (Author) Commented:
MRTG - thanks for the link to this. Looks very interesting indeed. What are the restrictions, if any, for reporting on this? Any on reporting frequency, alerting?

I can walk an SNMP MIB and extract all information. What I am looking for is the OID that contains information concerning data volumes through interfaces. I was provided with an OID that is :-
But as it says this is solely a description and does not contain any value I can use to graph
There are no restrictions for MRTG - I would set it up, let it add the ASA device (there is a perl script called cfgmaker to do that) and see what it comes up with for sampling the throughput.

When it runs it creates some graphs and statistics for utilization over daily (5 minute averages), weekly (30 minute averages), Monthly (2 hour), and Yearly (1 day). See Screenshot

It saves the samples in text files that I suppose you could run any type of application to report from.

I have not tried to run it directly against a PIX or ASA - but I do run it extensively against routers and switches in order to determine throughput - so if for some reason it won't work against your firewall you could always run it against the switch port the firewall is plugged into. Should work fine except that the input/output numbers would be reversed.

As far as the various counters you might look at iso.org.dod.internet.mgmt.mib-2.interfaces.  


Where '#' is the interface number

whoops - had an extra "interfaces." keyword above, I really should proofread
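The formula the question asks for, as an added example that is not part of the original thread: find the interface index whose description names "inside" or "outside", then turn two polls of that index's octet counters into bits per second, allowing for the 32-bit rollover mentioned above. The numeric OIDs are the standard IF-MIB `ifDescr`, `ifInOctets` and `ifOutOctets` columns (not quoted in the thread), and the walk output, description strings and function names are constructed for illustration.

```python
# IF-MIB column OIDs (standard MIB-II objects; not quoted on the original page).
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"        # ifDescr
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"   # ifInOctets, 32-bit counter
IF_OUT_OCTETS = "1.3.6.1.2.1.2.2.1.16"  # ifOutOctets, 32-bit counter

# Constructed walk output in "oid = value" form; not from a real device.
WALK_T0 = """
.1.3.6.1.2.1.2.2.1.2.1 = "firewall 'outside' interface"
.1.3.6.1.2.1.2.2.1.2.2 = "firewall 'inside' interface"
.1.3.6.1.2.1.2.2.1.10.1 = 4294000000
.1.3.6.1.2.1.2.2.1.10.2 = 1000000
.1.3.6.1.2.1.2.2.1.16.1 = 500000
.1.3.6.1.2.1.2.2.1.16.2 = 2000000
"""
# Second poll 300 seconds later; ifInOctets.1 has wrapped past 2**32.
WALK_T1 = """
.1.3.6.1.2.1.2.2.1.10.1 = 2032704
.1.3.6.1.2.1.2.2.1.10.2 = 4750000
.1.3.6.1.2.1.2.2.1.16.1 = 1250000
.1.3.6.1.2.1.2.2.1.16.2 = 3500000
"""

def parse_walk(text):
    """Parse 'oid = value' lines into {column_oid: {ifIndex: value}}."""
    table = {}
    for line in text.strip().splitlines():
        oid, _, value = line.partition(" = ")
        column, _, index = oid.strip().lstrip(".").rpartition(".")
        table.setdefault(column, {})[int(index)] = value.strip().strip('"')
    return table

def counter_delta(old, new, bits=32):
    """Counter increase between two polls, correct across a single wrap."""
    return (new - old) % (1 << bits)

def throughput_bps(walk_t0, walk_t1, name, seconds, bits=32):
    """Return (ifIndex, {'in': bps, 'out': bps}) for the named interface."""
    t0, t1 = parse_walk(walk_t0), parse_walk(walk_t1)
    index = next((i for i, d in t0[IF_DESCR].items() if name in d), None)
    if index is None:
        raise ValueError(f"no interface description contains {name!r}")
    rates = {}
    for label, col in (("in", IF_IN_OCTETS), ("out", IF_OUT_OCTETS)):
        delta = counter_delta(int(t0[col][index]), int(t1[col][index]), bits)
        rates[label] = delta * 8 / seconds  # octets to bits per second
    return index, rates

if __name__ == "__main__":
    for nameif in ("outside", "inside"):
        print(nameif, throughput_bps(WALK_T0, WALK_T1, nameif, 300))
```

The modulo only recovers a single wrap between polls, so on a busy link either poll more often or read the 64-bit counters and pass `bits=64`.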
Question has a verified solution.
