Cisco VPN Tunnel showing wrong uptime

shafiullah · July 26, 2022, 4:56am

Hello,

I am using cisco_vpn_tunnel version 20220119.v0.3. I am observing that when IPSec uptime crosses 50 days then it doesn’t show more than 50 days. The value stuck in 49 days 17 hours. Here is the screenshot.

I am also sharing the OID of my device here below:

.1.3.6.1.4.1.9.9.171.1.3.2.1.10.142 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.173 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.182 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.240 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.732 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.3465 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.3466 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.6062 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.6189 = INTEGER: 423166091
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.7648 = INTEGER: 319571861
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.7896 = INTEGER: 301526745
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9100 = INTEGER: 222596198
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9563 = INTEGER: 189427789
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9681 = INTEGER: 180112513
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9913 = INTEGER: 163915765
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9943 = INTEGER: 158859641
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11113 = INTEGER: 56639440
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11218 = INTEGER: 50622270
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11327 = INTEGER: 42234129
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11340 = INTEGER: 41294535
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11341 = INTEGER: 41256163
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11354 = INTEGER: 38357620
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11602 = INTEGER: 6511594
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11607 = INTEGER: 5686791
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11675 = INTEGER: 216062
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11676 = INTEGER: 22671

thl-cmk · July 26, 2022, 8:55am

as far as I see your device is reporting 49 days only.

429496729 / 100 / 60 / 60 / 24 = 49,71 days

so maybe a new firmeware for your device will help.

from the MIB description:

"The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds."

shafiullah · July 26, 2022, 11:45am

Thanks for your observation brother. I will look into this.

ChristianM · July 27, 2022, 9:09am

Hi.

Did you try SNMP V2 or V3 to get the 64Bit counter. SNMP V1 can only 32 Bit counter and it looks that the limit is reached.

RG, Christian

andreas-doehler · July 27, 2022, 1:25pm

There are no 64bit counters for this value available. The maximum value this counter can have are 2147483647.
That means the maximum shown time would be 248 days.
If this device only shows 50 days then it is a firmware bug on the device.

From the definition of the MIB

TimeInterval	 
A period of time, measured in units of 0.01 seconds.
TEXTUAL-CONVENTION		 	 
 	INTEGER	0..2147483647


cipSecTunActiveTime	1.3.6.1.4.1.9.9.171.1.3.2.1.10
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
Status: current	Access: read-only
OBJECT-TYPE		 	 
 	TimeInterval

shafiullah · August 3, 2022, 12:03pm

Hello Christian, I have provided the output of V2.

ChristianM · August 4, 2022, 8:51am

Hi.

looks like that cisco has reached the counter limit. The value point to the maximun of unsigned long integer. This is set by the cisco firmeware, and you should contact cisco for that reason.

RG, Christian

andreas-doehler · August 4, 2022, 9:10am

The counter limit is higher with 248 days like i mentioned it in my post.
This is more like a firmware bug.

shafiullah · August 4, 2022, 9:14am

Thanks for your reply. I am contacting with Cisco regarding this.