Discussion:
Cisco ASA 5505 snmpwalk query
Warren Daly (OPUS)
2016-03-29 05:12:40 UTC
Hi,
just wondering if anybody else noticed this issue with Cisco ASA5505
firewalls. They are both identical machines.
ASA 5505 Security Plus license. Same IOS version 9.1.6, 1024Mb RAM.
Almost identical configurations.

Why would 1 device report cikeTun* values, and the other say 'No Such
Object available on this agent at this OID'?
Both have active IPSEC tunnels that pass traffic. Any thoughts most
welcome. Thank you.

/usr/bin/snmpbulkwalk -v2c -c *** -Pu -OQUs -m CISCO-IPSEC-FLOW-MONITOR-MIB \
    -M /var/www/observium/mibs/rfc:/var/www/observium/mibs/net-snmp:/var/www/observium/mibs/cisco \
    'udp':'192.168.1.254':'161' cikeTunnelEntry
cikeTunnelEntry = No Such Object available on this agent at this OID

/usr/bin/snmpbulkwalk -v2c -c *** -Pu -OQUs -m CISCO-IPSEC-FLOW-MONITOR-MIB \
    -M /var/www/observium/mibs/rfc:/var/www/observium/mibs/net-snmp:/var/www/observium/mibs/cisco \
    'udp':'192.168.20.254':'161' cikeTunnelEntry
cikeTunLocalType.10067968 = ipAddrPeer
cikeTunLocalType.10207232 = ipAddrPeer
cikeTunLocalType.10293248 = ipAddrPeer
cikeTunLocalValue.10067968 = x.x.x.x
cikeTunLocalValue.10207232 = x.x.x.x
cikeTunLocalValue.10293248 = x.x.x.x
cikeTunLocalAddr.10067968 = "D2 18 81 82 "
cikeTunLocalAddr.10207232 = "D2 18 81 82 "
cikeTunLocalAddr.10293248 = "D2 18 81 82 "
.....
Fredrik Björk
2016-03-31 11:48:38 UTC
Hi!

As a general suggestion, do you allow reading the entire (or the same
part of the) MIB tree? It's not uncommon to have setups that set
specific "views" in the SNMP setup.

Do an snmpbulkwalk of the entire "enterprises" tree to see how much that
differs:

/usr/bin/snmpbulkwalk -v2c -c *** -M ... 192.168.1.254 enterprises > asa1.txt
/usr/bin/snmpbulkwalk -v2c -c *** -M ... 192.168.20.254 enterprises > asa2.txt
diff asa1.txt asa2.txt
(for Linux/*NIX/*BSD/OS X, other tools available for other platforms)

Using "enterprises" as your OID makes the device spit out everything
vendor specific (like the entire Cisco tree in this case).

/Fredrik
_______________________________________________
Net-snmp-users mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
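
A plain diff of two live walks is noisy, because instance indexes and values differ between the devices even where both expose the same objects. The script below is an added example, not part of the thread or of Net-SNMP: it reduces each saved walk to its distinct object names and lists those that only one agent answers. The function names and sample files are constructed for illustration, and it assumes symbolic object names to the left of " = ", as in the output quoted in the thread.

```shell
#!/bin/sh
# Added example: list objects one agent answers and the other does not.
# Assumption: symbolic object names left of " = " (not numeric -On output).

# Print the distinct object names in a saved walk, instance index stripped,
# skipping the agent's "no data" replies so they do not count as objects.
walk_objects() {
    awk -F' = ' '
        NF < 2 { next }                               # wrapped value lines
        $2 ~ /^No Such (Object|Instance)/ { next }    # nothing at this OID
        $2 ~ /^No more variables left/ { next }       # end of the MIB view
        { name = $1; sub(/\.[0-9.]+$/, "", name); print name }
    ' "$1" | LC_ALL=C sort -u
}

# Print objects present in walk $1 but absent from walk $2.
only_in_first() {
    tmp=$(mktemp -d) || return 1
    walk_objects "$1" > "$tmp/a"
    walk_objects "$2" > "$tmp/b"
    LC_ALL=C comm -23 "$tmp/a" "$tmp/b"
    rm -rf "$tmp"
}

# Constructed sample walks; values are made up for the demonstration.
demo=$(mktemp -d)
cat > "$demo/asa1.txt" <<'EOF'
sysDescr.0 = Cisco Adaptive Security Appliance
cikeTunnelEntry = No Such Object available on this agent at this OID
EOF
cat > "$demo/asa2.txt" <<'EOF'
sysDescr.0 = Cisco Adaptive Security Appliance
cikeTunLocalType.10067968 = ipAddrPeer
cikeTunLocalType.10207232 = ipAddrPeer
cikeTunLocalValue.10067968 = x.x.x.x
EOF

# Objects the second device exposes that the first does not.
only_in_first "$demo/asa2.txt" "$demo/asa1.txt"
```

If whole subtrees show up on one side only, compare the SNMP view and community configuration of the two devices before looking for other causes.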