RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator)

To:	"'Barr, Scott'" <Scott_Barr@csgsystems.com>, nv-l@lists.tivoli.com
Subject:	RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator)
From:	"Davis, Donald" <donald.davis@firstcitizens.com>
Date:	Fri, 1 Aug 2003 12:55:21 -0400
Delivered-to:	mailing list nv-l@lists.tivoli.com
Delivery-date:	Fri, 01 Aug 2003 17:56:03 +0100
Envelope-to:	nv-l-archive@lists.skills-1st.co.uk
List-help:	<mailto:nv-l-help@lists.tivoli.com>
List-post:	<mailto:nv-l@lists.tivoli.com>
List-subscribe:	<mailto:nv-l-subscribe@lists.tivoli.com>
List-unsubscribe:	<mailto:nv-l-unsubscribe@lists.tivoli.com>
Mailing-list:	contact nv-l-help@lists.tivoli.com; run by ezmlm

Scott,

From what I have been reading, if the tunnel is in the active table, it is up.

If it is missing from the active table, it is down.

This query will tell you the IP Address that each tunnel index is remotely connected to.

snmpwalk <hostname> .1.3.6.1.4.1.9.9.171.1.2.3.1.7

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseOne.cikeTunnelTable.cikeTunnelEntry.cikeTunRemoteValue.7040 : DISPLAY STRING- (ascii): 65.82.246.18

...

This example indicates that index:7040 is remotely connected to 65.82.246.18

nslookup on that address yields:

Name: adsl-065-082-246-018.sip.clt.bellsouth.net
Address: 65.82.246.18

Don Davis
First Citizens Bank
Systems Engineer Consultant
Raleigh, NC. 27603-3526

-----Original Message-----
From: Barr, Scott [mailto:Scott_Barr@csgsystems.com]
Sent: Friday, August 01, 2003 11:04 AM
To: Davis, Donald; nv-l@lists.tivoli.com
Subject: RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator)

Don, first of all.....YOU ARE AWESOME

Second, THANKS

Third, How the heck do I tell which tunnel is which? I am looking at a field call TunStatus (but TunnelAlive has same problem)

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.25110 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.25111 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.25114 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.25115 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26846 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26850 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26856 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26860 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26865 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26869 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26870 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26871 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26898 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26901 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26939 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26951 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26953 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26955 : INTEGER: active

cisco.ciscoMgmt.ciscoIpSecFlowMonitorMIB.cipSecMIBObjects.cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunStatus.26957 : INTEGER: active

It appears there is some "index" added to this but I can't for the life of me figure out which one is which. The index numbers are consistent throughout the rest of the MIB. Also, there are FAR more tunnels then we actually have - so I don't know where the "extra" tunnels are coming from.

-----Original Message-----
From: Davis, Donald [mailto:donald.davis@firstcitizens.com]
Sent: Thursday, July 31, 2003 3:40 PM
To: Barr, Scott; nv-l@lists.tivoli.com
Subject: RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator)

Scott,
I think what you are looking for may be in this mib:
CISCO-IPSEC-FLOW-MONITOR-MIB-V1SMI.my

This was downloaded from the cisco ftp site.
I fixed a syntax error on line 135 that NetView would not compile.
IPSIpAddress ::= OCTET STRING(SIZE(4 | 16))
NetView would not compile it with the spaces around the bar.

I queried my Cisco 3000 with it and was able to retrieve tunnel status
cipSecTunnelTable.cipSecTunnelEntry.cipSecTunIkeTunnelAlive.9663 : True

Don Davis
First Citizens Bank
Raleigh, NC. 27603-3526

-----Original Message-----
From: Barr, Scott [mailto:Scott_Barr@csgsystems.com]
Sent: Thursday, July 31, 2003 11:50 AM
To: nv-l@lists.tivoli.com
Subject: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator)

Anyone have massaged versions of the Altiga MIBS that the Cisco 3030 VPN concentrator uses? And better yet, anyone have any trap documentation?

The core problem is I need to alert when the IPSEC tunnel is down. So I either need a trap or a mib variable to poll. Based on Cisco's response, I'm not sure either is possible. The tunnel is NOT an interface on the concentrator so the LinkUp/LinkDown traps don't report the status of a tunnel.

Here is what Cisco gave me back on a TAC case:

<
Problem Description: Where can I find details on what traps the VPN 3030 concentrator generates. In particular - when a IPSEC tunnel drops.

Please contact customer via email: scott_barr@csgsystems.com
>

The VPN concentrators have limited snmp support and not too many traps are supported by this device.

Please go to the following page and check all the mibs supported by the version of code your VPN 3030 is running. The newer code will include the mibs supported in prior codes.

Mib supported by VPN 3000 conenctrator
ftp://ftp.cisco.com/pub/mibs/supportlists/vpn3000/vpn3000-supportlist.html

Next go to the following page and click on the mibs that are present in the previous link .i.e that are supported by VPN 3030 and that is present on this traps page.

The mibs that are not present on this second link means that it does not have any traps.

Snmp traps in mibs
ftp://ftp.cisco.com/pub/mibs/traps

You can use

http://jaguar.ir.miami.edu/~marcus/snmptrans.html

translate and lookup mib definitions.

AFAIK, it only sends standard MIB-II traps like linkDown, linkUp etc, but you can also send VPN3000 Events
as SNMP traps (these Events are NOT defined in any MIBs). So the Altiga MIBs don't actually have any traps defined.

Verify the VPN3000 SNMP configuration.

Reference Volume I:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/index.htm

Configuration | System | Management Protocols | SNMP
Configuration | System | Events | General
Events to Trap
Configuration | System | Events | Classes
Configuration | System | Events | Trap Destinations

---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)

------------------------------------------------------------------------------
This electronic mail and any files transmitted with it are confidential and are intended solely for the use of individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering the electronic mail to the intended recipient, be advised that you have received this electronic mail in error and that any use, dissemination, forwarding, printing, or copying of this electronic mail is strictly prohibited. If you have received this electronic mail in error, please immediately notify the sender by return mail.
==============================================================================

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator), Barr, Scott RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator), Davis, Donald <= RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator), Barr, Scott

Previous by Date:	RE: [nv-l] Loading SNMP v2 MIBs, Edwards, JT - ESM
Next by Date:	RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator), Barr, Scott
Previous by Thread:	RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator), Barr, Scott
Next by Thread:	RE: [nv-l] Altiga MIBS / TRAPS (read: Cisco VPN Concentrator), Barr, Scott
Indexes:	[Date] [Thread] [Top] [All Lists]