Is there a way to graph the number of AnyConnect sessions?

Is there a way to graph the number of established Cisco AnyConnect sessions over time? I currently have two Cisco ASA5545s providing remote access to our users. With more people working remotely and an expectation for the number to increase, I’d like to be able to provide my management a graph of the number of users connected using the AnyConnect Client over time. LibreNMS does show the number of active IPSec tunnels already. Wondering if anyone else has had any luck in graphing AnyConnect sessions and could provide assistance.

At my workplace, I’ve managed to create a graph of VPN sessions over time using a graph type called device_cras_sessions. Although, with two devices, if you want them summed, you might have to use an external image for your dashboard panel. If you’re not sure how to do that, make a graph for one of your ASAs with the settings you like, and then right-click on the graph and copy the image location. Use this link, and append the ID number of the second ASA to the first device ID number with %2C separating the two.

Example - Call the external image with the following path, starting with graph.php:
graph.php?device=2073%2C&from=1583938079&to=1584024479&width=906.6666&height=355.6666&type=device_cras_sessions&legend=yes&absolute=1

If you are looking for AnyConnect session monitoring on ASA, LibreNMS will create “Remote Access Session” automatically.

In my case, I just noticed LibreNMS didn’t create this graph automatically for ASAv, so I drew the graph using the custom OID “1.3.6.1.4.1.9.9.392.1.3.35”.

Thank you for the advice. I should have been more clear. The ASAs are in an active/standby failover configuration. So we shouldn’t need to sum them as you described. But thanks for that info. Definitely could be useful. I went ahead and created a graph of device_cras_sessions and received an error drawing the graph. Another user mentioned that LibreNMS would automatically create “Remote Access Session”. It didn’t. I could have sworn it had in the past though.

It seems to work fine for me using a custom OID of 1.3.6.1.4.1.9.9.392.1.3.35.0

The OID of 1.3.6.1.4.1.9.9.392.1.3.35.0 got us where we needed to be. Thank you all!

Could you post details on how and where you added the custom OIDs?

Would this be replaced on a LibreNMS update?

Thanks

OK, found that this module was not enabled in the LibreNMS GUI (I have modules defined in librenms.conf based on device). Enabled it in the GUI and the graphs show up. No requirement to add a custom OID.


In my case, the connection graph didn’t show up because of a missing feature. Please see the link below for your reference, thank you!

I did a PR #11355 which is merged to master. I learned that there was no ASA test data before, so please import the data of your models, too. :grimacing:

Hi, may I know what kind of data I need to import for your reference?
I’m not sure whether the data below satisfies your requirement, thank you!

https://community.librenms.org/t/could-we-change-the-logic-from-and-into-or-on-cisco-remote-access-monitoring-detection/11255/6

Sorry, that was a little vague. We need test data from other Cisco ASA variants to be able to test future changes better so that future changes will not break your device monitoring.

https://docs.librenms.org/Developing/os/Test-Units/

After this change I get “errors” on every discovery run. Am I the only one?

For example:
Sensor Updated: count asa crasIPSecNumSessions.0 Active LAN to LAN sessions

Looks like the discovery is putting other values in the database than the poller. Need to find some time to investigate further.

Hello,
I don’t want to look tiring, but I’m looking for the same with a Vyatta-based Ubiquiti gateway.
If anyone can help me. Regards
PS: My bad French X)