CISCO-REMOTE-ACCESS-MONITOR-MIB

Acronyms and        Definitions
The        following acronyms and terms are used in this
document:
        
  IPSec: Secure IP Protocol
        
  VPN:   Virtual Private Network
        
  RAS:   Remote Access Service
        
  ISP:   Internet Service Provider.
        
  LAN:   Local Area        Network
        
  Group: A collection of remote access users grouped
         and managed together as a single entity for
         administrative convenience.
        
  Session: A Remote        Access Session.
        
  SVC:    SSL VPN Client
  Webvpn: VPN connection established using web browser.
        
Overview of the MIB
        
This is a MIB Module for monitoring        the structures in Virtual
Private Networks based remote access networks. The MIB seeks
to create a        common model of        Remote Access across implementations
of the service on layer 2 (PPTP, L2TP, L2F), layer 3 (IPsec) and
layer 4 (SSL) virtual private networks. The        MIB defines counters
and        objects        of interest to performance/fault monitoring in a
way        which is independent of        the technology of the remote access
implementation.
        
MIB        contains eight major groups of objects which are used
to manage Remote Access connections:
 a)        Remote Access capacity group
      This section defines metrics to gauge        the limits of
      resources on this device which are critical to RAS
      service.
        
 b)        Remote Access resource usage group
      This section defines metrics to gauge        the usage of
      resources on this device which are critical to RAS
      service service.
        
 c)        Current        activity and performance of RAS        service
      This section defines metrics to gauge        the current
      remote access        activity.
        
 d)        Remote Access Service failures
      This section defines metrics to monitor session
      failures and failures        of the service itself, measured
      at aggregate level, session level and        group level.
        
 e)        Security violations in the Remote Access service
      This section defines metrics which reflect the state
      of remote access service of interest to Security
      Operations staff in an enterprise.
        
 f)        Threshold group        (allows        definition of high water marks)
      This section allows the management entity to define
      thresholds to        set high water marks on        critical metrics.
        
 g)        Notifications
      This section defines notifications to        signal
      significant events pertaining        to the Remote Access
      Service.

Imported Objects

ciscoMgmt	CISCO-SMI
InetAddress, InetAddressType	INET-ADDRESS-MIB
SnmpAdminString	SNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP	SNMPv2-CONF
Unsigned32, zeroDotZero, MODULE-IDENTITY, Integer32, Gauge32, Counter64, Counter32, NOTIFICATION-TYPE, OBJECT-TYPE	SNMPv2-SMI
TEXTUAL-CONVENTION, TimeStamp, TruthValue	SNMPv2-TC

Type Definitions (9)

Name	Base Type	Values/Constraints
FailureRecordIndex	Unsigned32	range: 1..4294967295
RasProtocol	Enumeration	other(1), ipsec(2), l2tp(3), l2tpoveripsec(4), pptp(5), l2f(6), ssl(7)
SessionAuthAlgo	Enumeration	none(1), other(2), hmacMd5(3), hmacSha(4)
SessionCompressionAlgo	Enumeration	none(1), other(2), lzs(3)
SessionEncrAlgo	Enumeration	none(1), des(2), des3(3), rc4(4), rc5(5), idea(6), cast(7), blowfish(8), aes(9)
SessionIndex	Integer32	range: 1..2147483647
SessionStatus	Enumeration	initializing(1), established(2), terminating(3)
UserAuthenMethod	Enumeration	none(1), other(2), radius(3), tacacsplus(4), kerberos(5), local(6), ldap(7), ntlm(8), sdi(9)
UserAuthorMethod	Enumeration	none(1), other(2), radius(3), tacacsplus(4), kerberos(5), local(6), ldap(7)

Objects

ciscoRemoteAccessMonitorMIB		.1.3.6.1.4.1.9.9.392
ciscoRasMonitorMIBNotifs		.1.3.6.1.4.1.9.9.392.0
ciscoRasMonitorMIBObjects		.1.3.6.1.4.1.9.9.392.1
crasCapacity		.1.3.6.1.4.1.9.9.392.1.1
crasMaxSessionsSupportable	Sessions Integer32	.1.3.6.1.4.1.9.9.392.1.1.1
crasMaxUsersSupportable	Users Integer32	.1.3.6.1.4.1.9.9.392.1.1.2
crasMaxGroupsSupportable	Groups Integer32	.1.3.6.1.4.1.9.9.392.1.1.3
crasNumCryptoAccelerators	Users Integer32	.1.3.6.1.4.1.9.9.392.1.1.4
crasResourceUsage		.1.3.6.1.4.1.9.9.392.1.2
crasGlobalBwUsage	MBytes/second SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.2.1
crasActivity		.1.3.6.1.4.1.9.9.392.1.3
crasNumSessions	Sessions SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.1
crasGlobalOutUncompOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.10
crasGlobalInDropPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.11
crasGlobalOutDropPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.12
crasNumPrevSessions	Sessions SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.2
crasSessionTable		.1.3.6.1.4.1.9.9.392.1.3.21
crasSessionEntry	crasUsername crasSessionIndex	.1.3.6.1.4.1.9.9.392.1.3.21.1
crasUsername	OctetString	.1.3.6.1.4.1.9.9.392.1.3.21.1.1
crasISPAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.3.21.1.10
crasSessionProtocol	RasProtocol	.1.3.6.1.4.1.9.9.392.1.3.21.1.11
crasProtocolElement	ObjectIdentifier	.1.3.6.1.4.1.9.9.392.1.3.21.1.12
crasSessionEncryptionAlgo	SessionEncrAlgo	.1.3.6.1.4.1.9.9.392.1.3.21.1.13
crasSessionPktAuthenAlgo	SessionAuthAlgo	.1.3.6.1.4.1.9.9.392.1.3.21.1.14
crasSessionCompressionAlgo	SessionCompressionAlgo	.1.3.6.1.4.1.9.9.392.1.3.21.1.15
crasHeartbeatInterval	Seconds Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.21.1.16
crasClientVendorString	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.392.1.3.21.1.17
crasClientVersionString	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.392.1.3.21.1.18
crasClientOSVendorString	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.392.1.3.21.1.19
crasGroup	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.392.1.3.21.1.2
crasClientOSVersionString	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.392.1.3.21.1.20
crasPrimWINSServerAddrType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.3.21.1.21
crasPrimWINSServer	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.3.21.1.22
crasSecWINSServerAddrType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.3.21.1.23
crasSecWINSServer	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.3.21.1.24
crasPrimDNSServerAddrType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.3.21.1.25
crasPrimDNSServer	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.3.21.1.26
crasSecDNSServerAddrType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.3.21.1.27
crasSecDNSServer	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.3.21.1.28
crasDHCPServerAddrType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.3.21.1.29
crasSessionIndex	SessionIndex	.1.3.6.1.4.1.9.9.392.1.3.21.1.3
crasDHCPServer	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.3.21.1.30
crasSessionInPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.21.1.31
crasSessionOutPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.21.1.32
crasSessionInDropPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.21.1.33
crasSessionOutDropPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.21.1.34
crasSessionInOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.21.1.35
crasSessionOutOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.21.1.36
crasSessionState	SessionStatus	.1.3.6.1.4.1.9.9.392.1.3.21.1.37
crasAuthenMethod	UserAuthenMethod	.1.3.6.1.4.1.9.9.392.1.3.21.1.4
crasAuthorMethod	UserAuthorMethod	.1.3.6.1.4.1.9.9.392.1.3.21.1.5
crasSessionDuration	SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.21.1.6
crasLocalAddressType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.3.21.1.7
crasLocalAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.3.21.1.8
crasISPAddressType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.3.21.1.9
crasActGroupTable		.1.3.6.1.4.1.9.9.392.1.3.22
crasActGroupEntry	crasActGrpName	.1.3.6.1.4.1.9.9.392.1.3.22.1
crasActGrpName	OctetString	.1.3.6.1.4.1.9.9.392.1.3.22.1.1
crasActGrNumUsers	Integer32	.1.3.6.1.4.1.9.9.392.1.3.22.1.2
crasActGrpInPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.22.1.3
crasActGrpOutPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.22.1.4
crasActGrpInDropPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.22.1.5
crasActGrpOutDropPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.22.1.6
crasActGrpInOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.22.1.7
crasActGrpOutOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.22.1.8
crasEmailNumSessions	Sessions SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.23
crasEmailCumulateSessions	Sessions SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.24
crasEmailPeakConcurrentSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.25
crasIPSecNumSessions	Sessions SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.26
crasIPSecCumulateSessions	Sessions SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.27
crasIPSecPeakConcurrentSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.28
crasL2LNumSessions	Sessions SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.29
crasNumUsers	Users SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.3
crasL2LCumulateSessions	Sessions SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.30
crasL2LPeakConcurrentSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.31
crasLBNumSessions	Sessions SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.32
crasLBCumulateSessions	Sessions SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.33
crasLBPeakConcurrentSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.34
crasSVCNumSessions	Sessions SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.35
crasSVCCumulateSessions	Sessions SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.36
crasSVCPeakConcurrentSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.37
crasWebvpnNumSessions	Sessions SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.38
crasWebvpnCumulateSessions	Sessions SNMPv2-SMICounter32	.1.3.6.1.4.1.9.9.392.1.3.39
crasNumGroups	Groups SNMPv2-SMIGauge32	.1.3.6.1.4.1.9.9.392.1.3.4
crasWebvpnPeakConcurrentSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.40
crasNumPeakSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.3.41
crasGlobalInPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.5
crasGlobalOutPkts	Packets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.6
crasGlobalInOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.7
crasGlobalInDecompOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.8
crasGlobalOutOctets	Octets SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.3.9
crasFailures		.1.3.6.1.4.1.9.9.392.1.4
crasFailuresGlobals		.1.3.6.1.4.1.9.9.392.1.4.1
crasNumTotalFailures	SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.1.1
crasNumDeclinedSessions	Sessions Unsigned32	.1.3.6.1.4.1.9.9.392.1.4.1.2
crasNumSetupFailInsufResources	Sessions SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.1.3
crasNumAbortedSessions	Sessions SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.1.4
crasFailGlobalCntl		.1.3.6.1.4.1.9.9.392.1.4.2
crasFailTableSize	Unsigned32	.1.3.6.1.4.1.9.9.392.1.4.2.1
crasSessFailures		.1.3.6.1.4.1.9.9.392.1.4.3
crasSessFailTable		.1.3.6.1.4.1.9.9.392.1.4.3.1
crasSessFailEntry	crasSessFailIndex	.1.3.6.1.4.1.9.9.392.1.4.3.1.1
crasSessFailIndex	FailureRecordIndex	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.1
crasSessFailLocalAddrType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.10
crasSessFailLocalAddr	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.11
crasSessFailUsername	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.2
crasSessFailGroupname	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.3
crasSessFailType	Enumeration	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.4
crasSessFailReason	Enumeration	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.5
crasSessFailTime	SNMPv2-TCTimeStamp	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.6
crasSessFailSessionIndex	SessionIndex	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.7
crasSessFailISPAddrType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.8
crasSessFailISPAddr	INET-ADDRESS-MIBInetAddress	.1.3.6.1.4.1.9.9.392.1.4.3.1.1.9
crasFailLastFailIndex	FailureRecordIndex	.1.3.6.1.4.1.9.9.392.1.4.3.2
crasGroupFailures		.1.3.6.1.4.1.9.9.392.1.4.4
crasGrpFailTable		.1.3.6.1.4.1.9.9.392.1.4.4.1
crasGrpFailEntry	crasGrpFailGroupname	.1.3.6.1.4.1.9.9.392.1.4.4.1.1
crasGrpFailGroupname	OctetString	.1.3.6.1.4.1.9.9.392.1.4.4.1.1.1
crasGrpFailNumFailAuths	SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.4.1.1.2
crasGrpFailNumResourceFailures	SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.4.1.1.3
crasGrpFailNumDeclined	SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.4.1.1.4
crasGrpFailNumTerminatedMgmt	SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.4.1.1.5
crasGrpFailNumTerminatedOther	SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.4.4.1.1.6
crasSecurity		.1.3.6.1.4.1.9.9.392.1.5
crasSecurityGlobals		.1.3.6.1.4.1.9.9.392.1.5.1
crasNumDisabledAccounts	Users SNMPv2-SMICounter64	.1.3.6.1.4.1.9.9.392.1.5.1.1
crasThresholds		.1.3.6.1.4.1.9.9.392.1.6
crasThrMaxSessions	Sessions Integer32	.1.3.6.1.4.1.9.9.392.1.6.1
crasThrMaxFailedAuths	Unsigned32	.1.3.6.1.4.1.9.9.392.1.6.2
crasThrMaxThroughput	Octets Per Second Integer32	.1.3.6.1.4.1.9.9.392.1.6.3
crasNotifCntl		.1.3.6.1.4.1.9.9.392.1.7
crasCntlTooManySessions	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.392.1.7.1
crasCntlTooManyFailedAuths	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.392.1.7.2
crasCntlTooHighThroughput	SNMPv2-TCTruthValue	.1.3.6.1.4.1.9.9.392.1.7.3
ciscoRasMonitorMIBConform		.1.3.6.1.4.1.9.9.392.2
ciscoRasMonitorMIBCompliances		.1.3.6.1.4.1.9.9.392.2.1
ciscoRasMonitorMIBGroups		.1.3.6.1.4.1.9.9.392.2.2

Notifications/Traps

Name	OID	Description
ciscoRasTooManySessions crasNumSessions crasNumUsers crasMaxSessionsSupportable crasMaxUsersSupportable crasThrMaxSessions	.1.3.6.1.4.1.9.9.392.0.1	ication is generated when the managed entity detects that the number of sessions established exceeds the set threshold crasThrMaxSessions. Once the notification has been issued, further notifications are suppressed till the value returns below the specified threshold.
ciscoRasTooManyFailedAuths crasNumDeclinedSessions crasThrMaxFailedAuths	.1.3.6.1.4.1.9.9.392.0.2	ication is generated when the managed entity detects that the number of login attempts (over all users) exceeds the set threshold for throughput (crasThrMaxFailedAuths). Once the notification has been issued, further notifications are suppressed till the value returns below the specified threshold.
ciscoRasTooHighThroughput crasGlobalInOctets crasGlobalOutOctets crasThrMaxThroughput	.1.3.6.1.4.1.9.9.392.0.3	ication is generated when the managed entity detects that the current throughput of the device exceeds the set threshold for throughput (crasThrMaxThroughput). Once the notification has been issued, further notiifcations are suppressed till the value returns below the specified threshold.

Name

OID

Description

ciscoRasTooManySessions
crasNumSessions
crasNumUsers
crasMaxSessionsSupportable
crasMaxUsersSupportable
crasThrMaxSessions

.1.3.6.1.4.1.9.9.392.0.1

ication is generated when the managed entity
detects that the number of sessions established exceeds
the set threshold crasThrMaxSessions.
          
Once the notification        has been issued, further
notifications        are suppressed till the        value returns
below        the specified threshold.

ciscoRasTooManyFailedAuths
crasNumDeclinedSessions
crasThrMaxFailedAuths

.1.3.6.1.4.1.9.9.392.0.2

ication is generated when the managed entity
detects that the number of login attempts (over all
users) exceeds the set threshold for throughput
(crasThrMaxFailedAuths).
          
Once the notification        has been issued, further
notifications        are suppressed till the        value returns
below        the specified threshold.

ciscoRasTooHighThroughput
crasGlobalInOctets
crasGlobalOutOctets
crasThrMaxThroughput

.1.3.6.1.4.1.9.9.392.0.3

ication is generated when the        managed        entity
detects that the        current        throughput of the device exceeds
the set threshold for throughput        (crasThrMaxThroughput).
          
Once the        notification has been issued, further
notiifcations are suppressed till the value returns
below the specified threshold.