Spectrum does not model IPSec Tunnel interfaces for Cisco ASA (Adaptive Security Appliance) firewall devices.

Document ID : KB000005038
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

IPSec tunnel interfaces are not modeled for CiscoASA device models.

Cause:

TheCiscIPSecExtAp application model provides the intelligence for the creation of IPSec Tunnel interface models. Spectrum currently requires a device to provide data from the CISCO-IPSEC-MIB and CISCO-IPSEC-FLOW-MONITOR-MIB for the creation of the CiscIPSecExtAp application model creation. Cisco ASA devices do not provide data from the CISCO-IPSEC-MIB (the default attr is cipsIsakmpEnabled). 

Resolution:

A later version of Spectrum (tentatively 10.3) will introduce an extension to the intelligence to the Cisco ASA model type. Tunnel interfaces will be modeled using MIBs additional to the currently required CISCO-IPSEC-MIB and the dependent CiscIPSecExtAp application model creation.