Cisco VPN Tunnel showing wrong uptime

General
,
1

Hello,

I am using cisco_vpn_tunnel version 20220119.v0.3. I am observing that when IPSec uptime crosses 50 days then it doesn’t show more than 50 days. The value stuck in 49 days 17 hours. Here is the screenshot.

image

I am also sharing the OID of my device here below:

.1.3.6.1.4.1.9.9.171.1.3.2.1.10.142 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.173 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.182 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.240 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.732 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.3465 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.3466 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.6062 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.6189 = INTEGER: 423166091
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.7648 = INTEGER: 319571861
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.7896 = INTEGER: 301526745
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9100 = INTEGER: 222596198
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9563 = INTEGER: 189427789
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9681 = INTEGER: 180112513
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9913 = INTEGER: 163915765
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9943 = INTEGER: 158859641
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11113 = INTEGER: 56639440
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11218 = INTEGER: 50622270
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11327 = INTEGER: 42234129
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11340 = INTEGER: 41294535
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11341 = INTEGER: 41256163
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11354 = INTEGER: 38357620
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11602 = INTEGER: 6511594
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11607 = INTEGER: 5686791
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11675 = INTEGER: 216062
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11676 = INTEGER: 22671

2

as far as I see your device is reporting 49 days only.

429496729 / 100 / 60 / 60 / 24 = 49,71 days

so maybe a new firmeware for your device will help.

from the MIB description:

"The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds."
3

Thanks for your observation brother. I will look into this.

4

Hi.

Did you try SNMP V2 or V3 to get the 64Bit counter. SNMP V1 can only 32 Bit counter and it looks that the limit is reached.

RG, Christian

1 Like
5

There are no 64bit counters for this value available. The maximum value this counter can have are 2147483647.
That means the maximum shown time would be 248 days.
If this device only shows 50 days then it is a firmware bug on the device.

From the definition of the MIB

TimeInterval	 
A period of time, measured in units of 0.01 seconds.
TEXTUAL-CONVENTION		 	 
 	INTEGER	0..2147483647


cipSecTunActiveTime	1.3.6.1.4.1.9.9.171.1.3.2.1.10
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
Status: current	Access: read-only
OBJECT-TYPE		 	 
 	TimeInterval
6

Hello Christian, I have provided the output of V2.

7

Hi.

looks like that cisco has reached the counter limit. The value point to the maximun of unsigned long integer. This is set by the cisco firmeware, and you should contact cisco for that reason.

RG, Christian

8

The counter limit is higher with 248 days like i mentioned it in my post.
This is more like a firmware bug.

1 Like
9

Thanks for your reply. I am contacting with Cisco regarding this.

10

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.