[network::cisco::firepower::fxos::snmp::plugin] - new mode VPN

[joschi99]

It should be nice to monitor VPN tunnels on firepower.

• snmp mib: fxos-mibs.2.8.1.129.zip
• snmp walk: firepower.zip

The following VPN's are present on this snmp walk:

> show crypto isakmp sa

IKEv1 SAs:

   Active SA: 7

    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 7

1   IKE Peer: 217.56.92.226

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

2   IKE Peer: 81.118.252.158

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

3   IKE Peer: 91.187.222.50

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

4   IKE Peer: 194.79.56.228

    Type    : L2L             Role    : responder

    Rekey   : no              State   : MM_ACTIVE

5   IKE Peer: 62.97.49.211

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

6   IKE Peer: 46.141.62.180

    Type    : L2L             Role    : responder

    Rekey   : no              State   : MM_ACTIVE

7   IKE Peer: 83.211.74.185

    Type    : user            Role    : initiator

    Rekey   : no              State   : MM_WAIT_MSG2

[garnier-quentin]

I don't find information about vpn in your mibs. But when i look the snmpwalk it seems you can use mode ipsec-tunnel from network/cisco/asa/snmp/plugin.

[joschi99]

Strange, I need to investigate, because if you look the snmpwalk you can find for example the IP addresses from the VPN's. I will update you asap.

[garnier-quentin]

Try the asa plugin. It should work.

[joschi99]

seems working

[garnier-quentin]

Thanks for the feedback!