SNMP Cisco VPN-Tunnesl missing

praetorianer · November 5, 2021, 12:36pm

hi I have trouble seeing all VPN-Tunnels on a Cisco Adaptive Security Appliance Version 9.14(2)15
we are using Check_MK version 1.6.0p24

I get some tunnels but not all, if I do a cmk -IIvvv ciscoasa i get

 11 cisco_asa_conn
  1 cisco_asa_connections
  1 cisco_asa_failover
  1 cisco_asa_svcsessions
  6 cisco_cpu_multiitem
  5 cisco_mem_asa64
  5 cisco_vpn_tunnel
 26 if
  1 snmp_info
  1 snmp_uptime

sometimes

 11 cisco_asa_conn     
1 cisco_asa_connections                                                                                                                                                            1 cisco_asa_failover                     
1 cisco_asa_svcsessions              
6 cisco_cpu_multiitem     
5 cisco_mem_asa64                   
11 cisco_vpn_tunnel              
26 if      
1 snmp_info            
1 snmp_uptime

there should be 18 tunnels!!!

I run different SNMP walk on cli

snmpwalk -v2c -t5 -Ot -c secret ciscoasa and get 2579 lines
snmpbulkwalk -v2c -Cr90 -t120 -c secret ciscoasa and get 2579 lines
snmpwalk -v1 -t50 -OT -c secret ciscoasa and get 2430 lines

but the > /omd/sites/master/var/check_mk/snmpwalks/ciscoasa. has 10595 lines

the job over GUI to fetch the walk got 10595 lines as well.

Does someone have a clue why I am missing the tunnel information?
TY

praetorianer · November 5, 2021, 12:53pm

and yes it tried to simulate the run over the local file without success

andreas-doehler · November 5, 2021, 3:16pm

All the tunnels are up at the moment?
The service discovery will only find tunnels who have a remote IP.

You can inspect this with an snmpwalk over the OID .1.3.6.1.4.1.9.9.171.1.2.3.1.7

That your snmpwalks differ from the CMK snmpwalk is clear as your snmpwalk don’t get the enterprise OIDs. The 2.5k lines are only the MIB-2 OIDs.

praetorianer · November 8, 2021, 8:40am

hi Andreas
yes, the tunnels are up and your provided string gets me all tunnels that are there at the moment.

praetorianer · November 15, 2021, 12:16pm

my network team informed me that after a reboot of the cisco asa now all are visible.

I am still confused bit no need to investigate more here

TY @andreas-doehler

system · November 15, 2022, 12:17pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.