Cisco VPN Tunnel showing wrong uptime

Hello,

I am using cisco_vpn_tunnel version 20220119.v0.3. I am observing that when IPSec uptime crosses 50 days then it doesn’t show more than 50 days. The value stuck in 49 days 17 hours. Here is the screenshot.

image

I am also sharing the OID of my device here below:

.1.3.6.1.4.1.9.9.171.1.3.2.1.10.142 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.173 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.182 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.240 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.732 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.3465 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.3466 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.6062 = INTEGER: 429496729
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.6189 = INTEGER: 423166091
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.7648 = INTEGER: 319571861
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.7896 = INTEGER: 301526745
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9100 = INTEGER: 222596198
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9563 = INTEGER: 189427789
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9681 = INTEGER: 180112513
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9913 = INTEGER: 163915765
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.9943 = INTEGER: 158859641
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11113 = INTEGER: 56639440
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11218 = INTEGER: 50622270
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11327 = INTEGER: 42234129
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11340 = INTEGER: 41294535
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11341 = INTEGER: 41256163
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11354 = INTEGER: 38357620
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11602 = INTEGER: 6511594
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11607 = INTEGER: 5686791
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11675 = INTEGER: 216062
.1.3.6.1.4.1.9.9.171.1.3.2.1.10.11676 = INTEGER: 22671

as far as I see your device is reporting 49 days only.

429496729 / 100 / 60 / 60 / 24 = 49,71 days

so maybe a new firmeware for your device will help.

from the MIB description:

"The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds."

Thanks for your observation brother. I will look into this.

Hi.

Did you try SNMP V2 or V3 to get the 64Bit counter. SNMP V1 can only 32 Bit counter and it looks that the limit is reached.

RG, Christian

1 Like

There are no 64bit counters for this value available. The maximum value this counter can have are 2147483647.
That means the maximum shown time would be 248 days.
If this device only shows 50 days then it is a firmware bug on the device.

From the definition of the MIB

TimeInterval	 
A period of time, measured in units of 0.01 seconds.
TEXTUAL-CONVENTION		 	 
 	INTEGER	0..2147483647

cipSecTunActiveTime	1.3.6.1.4.1.9.9.171.1.3.2.1.10
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
Status: current	Access: read-only
OBJECT-TYPE		 	 
 	TimeInterval

Hello Christian, I have provided the output of V2.

Hi.

looks like that cisco has reached the counter limit. The value point to the maximun of unsigned long integer. This is set by the cisco firmeware, and you should contact cisco for that reason.

RG, Christian

The counter limit is higher with 248 days like i mentioned it in my post.
This is more like a firmware bug.

1 Like

Thanks for your reply. I am contacting with Cisco regarding this.