Monitor ASA VPN sessions via SNMP

This took me way too long to research so I’m putting this here in case anyone can use it.

I have an ASA 5520 that is used for IPSEC, Anyconnect, and Clientless WebVPN vpn clients. I was asked to track total # of sessions for the migration of licenses. Since there was a Nagios Monitor onsite, I hoped to add an snmp check for the total number of WebVPN sessions (Anyconnect and clientless).

Cisco has the ASA MIBs located here:
ftp://ftp.cisco.com/pub/mibs/supportlists/asa/asa-supportlist.html

The oid values you need are as follows:

crasIPSecNumSessions .1.3.6.1.4.1.9.9.392.1.3.26.
crasWebvpnNumSessions .1.3.6.1.4.1.9.9.392.1.3.35.

Drop the MIB into the shared mib folder on the nagios host in usrsharesnmpmibs
I had some issues with the Cisco MIB, I haven’t tried on another nagios host yet, but the OID values worked just fine for my purposes.

In nagios, create the check_snmp lookup, I opted for a new command:

 define command{
        command_name    check_snmp_cisco_oid
        command_line    $USER1$/check_snmp -H $HOSTADDRESS$ -P 2c -C communityname -o $ARG1$ -w $ARG2$ -c $ARG3$
        }

Then define the services for the host:

define service{
        use                     generic-service
        host_name               ASA5520
        service_description     Total Number of Web SSL VPN sessions
        check_command           check_snmp_cisco_oid!.1.3.6.1.4.1.9.9.392.1.3.35.0!50!75
        }
define service{
        use                     generic-service
        host_name               ASA5520
        service_description     Total Number of IPSEC VPN sessions  
        check_command           check_snmp_cisco_oid!.1.3.6.1.4.1.9.9.392.1.3.26.0      
        }