Cisco ASA multicontext S2S VPN tunnel SNMP monitoring
I am fighting to retrieve site-to-site VPN tunnel status via SNMP. I am trying to get it from multicontext-enabled Cisco ASA version 9.6(4)20 from VPN dedicated ASA context IP address.
– First I tried snmpwalk over OID 188.8.131.52.184.108.40.206.171 from dedicated CISCO-IPSEC-FLOW-MONITOR-MIB for monitoring IPSec-based VPN tunnels, but unfortunately I was always getting “No Such Instance currently exists at this OID”.
– Secondly I’ve tried snmpwalk over OID 220.127.116.11.18.104.22.168.392 from CISCO-REMOTE-ACCESS-MONITOR-MIB which should be dedicatd for RAS VPN instead, but here, yes, I finally get some info back. the problem here is that the only attribute for monitoring this “RAS” (in real it’s IKEv2-based IPSec VPN tunnel) session is using crasSessionState, but it is returning value “0”, which is by definition of crasSessionState is SessionStatus-based attribute with following valid values: initializing(1), established(2) and terminating(3) and “0” therefore is not defined.
Guys please there any restriction/bug why CISCO-IPSEC-FLOW-MONITOR-MIB is not available under Cisco ASA context for monitoring IKEv2-based IPSec VPN tunnels, but rather CISCO-REMOTE-ACCESS-MONITOR-MIB is available and used instead?