Description

It monitors IpSec and IKE traffic for each tunnel. Few 64 bit OIDs are being used in this template to monitor IpSec tunnels. This template is applicable on Cisco ASA firewalls.

Prerequisites

SNMP should be enabled in end device and device should support CISCO-IPSEC-FLOW-MONITOR-MIB 64-bit OIDs and SNMP credentials should be attached against the device in portal.

How to Apply: This template is All instance selection based. It will not ask user to select any instance (s) while assigning it to a device.

Metric Parameters

Metric Parameters
ParameterDescription
Frequency
  • Frequency is the interval in which you want to probe and collect metric data from the target device/resource
  • Frequency is defined in minutes (min).
  • Warning ThresholdIf the metric value satisfies the condition defined along with Warning Threshold value, then a notification is sent to the user.
    Critical ThresholdIf the metric value satisfies the condition defined along with Critical Threshold value, then a notification is sent to the user.
    AlertThe alert value can be set to either Yes or No. If it is Yes, then an alert message is sent to the user.

    Metrics

    cisco.ike.in.octets.phase1

    Metric Details

    Metric Details
    Applicable forDevice
    SNMP OID1.3.6.1.4.1.9.9.171.1.2.3.1.19
    ExpressioncikeTunInOctets * 8
    DescriptionThe total number of octets received by this IPsec Phase-1 IKE Tunnel.
    [OID: 1.3.6.1.4.1.9.9.171.1.2.3.1.19]
    CategorySNMP monitors
    Collector TypeGateway
    Monitor NameCisco IKE Tunnel Traffic 32 bit
    Unitbps

    Possible Inputs

    Possible Inputs
    MetricInput ValueRange of Values
    Frequency51 – 1440 (mins)
    FilterNULLNA
    Warning Operator
    Warning Threshold
    Warning Repeat Count
    Critical Operator
    Critical Threshold
    Critical Repeat Count
    AlertNoYes/No
    Graph (Yes/No)YesYes/No

    Note: As Alert is not enabled on the above metric, the fields are left blank.

    Sample Output

    No graph

    cisco.ike.out.octets.phase1

    Metric Details

    Metric Details
    Applicable forDevice
    SNMP OID1.3.6.1.4.1.9.9.171.1.2.3.1.27
    ExpressioncikeTunOutOctets * 8
    DescriptionThe total number of octets sent by this IPsec Phase-1 IKE Tunnel.
    [OID: 1.3.6.1.4.1.9.9.171.1.2.3.1.27]
    CategorySNMP monitors
    Collector TypeGateway
    Monitor NameCisco IKE Tunnel Traffic 32 bit
    Unitbps

    Possible Inputs

    Possible Inputs
    MetricInput ValueRange of Values
    Frequency51 – 1440 (mins)
    FilterNULLNA
    Warning Operator
    Warning Threshold
    Warning Repeat Count
    Critical Operator
    Critical Threshold
    Critical Repeat Count
    AlertNoYes/No
    Graph (Yes/No)YesYes/No

    Note: As Alert is not enabled on the above metric, the fields are left blank.

    Sample Output

    No graph

    cisco.ipsec.in.octets.phase2

    Metric Details

    Metric Details
    Applicable forDevice
    SNMP OID1.3.6.1.4.1.9.9.171.1.3.2.1.27
    ExpressioncipSecTunHcInOctets * 8
    DescriptionA high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel.
    [OID: 1.3.6.1.4.1.9.9.171.1.3.2.1.27]
    CategorySNMP monitors
    Collector TypeGateway
    Monitor NameCisco IpSec Tunnel Traffic 64 bit
    Unitbps

    Possible Inputs

    Possible Inputs
    MetricInput ValueRange of Values
    Frequency51 – 1440 (mins)
    FilterNULLNA
    Warning Operator
    Warning Threshold
    Warning Repeat Count
    Critical Operator
    Critical Threshold
    Critical Repeat Count
    AlertNoYes/No
    Graph (Yes/No)YesYes/No

    Note: As Alert is not enabled on the above metric, the fields are left blank.

    Sample Output

    No graph

    cisco.ipsec.out.octets.phase2

    Metric Details

    Metric Details
    Applicable forDevice
    SNMP OID1.3.6.1.4.1.9.9.171.1.3.2.1.40
    ExpressioncipSecTunHcOutOctets * 8
    DescriptionA high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel.
    [OID: 1.3.6.1.4.1.9.9.171.1.3.2.1.40]
    CategorySNMP monitors
    Collector TypeGateway
    Monitor NameCisco IpSec Tunnel Traffic 64 bit
    Unitbps

    Possible Inputs

    Possible Inputs
    MetricInput ValueRange of Values
    Frequency51 – 1440 (mins)
    FilterNULLNA
    Warning Operator
    Warning Threshold
    Warning Repeat Count
    Critical Operator
    Critical Threshold
    Critical Repeat Count
    AlertNoYes/No
    Graph (Yes/No)YesYes/No

    Note: As Alert is not enabled on the above metric, the fields are left blank.

    Sample Output

    No graph