https://community.cisco.com/t5/network-security/asa-5520-does-not-respond-to-snmp/m-p/2968012#M161354 <P>hi,</P> <P>the 'management' interface usually responds to traffic where the ASA itself is the destination (i.e. ping, SSH, etc), but can't pass any transit traffic through the ASA to or from another interface. do you have this line under 'management' interface?</P> <P><EM>no management-only</EM></P> Tue, 26 Jul 2016 01:59:38 GMT johnlloyd_13 2016-07-26T01:59:38Z https://community.cisco.com/t5/network-security/asa-5520-does-not-respond-to-snmp/m-p/2968011#M161353 <P>I recently replaced a pair of 5510s with 5520s going from 8.2 to 9.1. Aside from ACLs being cleaned WAY up, that's the only thing that's really changed here. The 5510s worked fine in NMS (Orion), but the 5520s will not.</P> <P>SNMP in this case goes over a site to site tunnel (remote location) on an interface labeled management:</P> <P></P> <P>snmp-server host management 10.71.127.73 community *****&nbsp;<BR />snmp-server community *****<BR />snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart<BR />snmp-server enable traps ipsec start stop<BR />snmp-server enable traps entity config-change fru-insert fru-remove<BR />snmp-server enable traps remote-access session-threshold-exceeded</P> <P></P> <P>GigabitEthernet0/2.100 &nbsp; management &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 10.0.100.254 &nbsp; &nbsp;255.255.255.0 &nbsp; CONFIG</P> <P></P> <P>access-list CardAccessVPN extended permit ip 10.0.100.0 255.255.255.0 10.71.127.0 255.255.255.0 (tunnel ACL)</P> <P></P> <P>NMS is on 10.71.127.73</P> <P></P> <P>I have the switch stack at this location (<SPAN style="color: #00ff00;">10.0.100.11</SPAN>) polling just fine.</P> <P></P> <P>I can see this at least:</P> <P></P> <P>UDP outside 10.71.127.73:56514 management 10.0.100.254:161, idle 0:00:00, bytes 45, flags - <BR /> UDP outside 10.71.127.73:56768 management 10.0.100.254:161, idle 0:00:01, bytes 192, flags - <BR /> UDP outside 10.71.127.73:58258 management 10.0.100.254:161, idle 0:00:05, bytes 147, flags -</P> <P><SPAN style="color: #00ff00;">UDP outside 10.71.127.73:57766 management 10.0.100.11:161, idle 0:00:13, bytes 6724, flags - </SPAN><BR /><SPAN style="color: #00ff00;"> UDP outside 10.71.127.73:61260 management 10.0.100.11:161, idle 0:00:21, bytes 86, flags - </SPAN></P> <P>Community and version match what I'm polling with on NMS - like I said, the "base" configs are the same. I cannot snmp walk the device either outside of Orion.</P> <P></P> <P>I've tried removing and re-adding the node in Orion, but no luck.</P> <P></P> <P></P> Tue, 12 Mar 2019 08:03:29 GMT https://community.cisco.com/t5/network-security/asa-5520-does-not-respond-to-snmp/m-p/2968011#M161353 richard.schultz1 2019-03-12T08:03:29Z https://community.cisco.com/t5/network-security/asa-5520-does-not-respond-to-snmp/m-p/2968012#M161354 <P>hi,</P> <P>the 'management' interface usually responds to traffic where the ASA itself is the destination (i.e. ping, SSH, etc), but can't pass any transit traffic through the ASA to or from another interface. do you have this line under 'management' interface?</P> <P><EM>no management-only</EM></P> Tue, 26 Jul 2016 01:59:38 GMT https://community.cisco.com/t5/network-security/asa-5520-does-not-respond-to-snmp/m-p/2968012#M161354 johnlloyd_13 2016-07-26T01:59:38Z https://community.cisco.com/t5/network-security/asa-5520-does-not-respond-to-snmp/m-p/2968013#M161355 <P>John,</P> <P></P> <P>"management" in this case is really just a moniker for our management vlan(s), not the actual management interface itself.</P> <P></P> <P>On this network it's the firewall itself as the gateway, a 3850 switch stack, a KVM, and a Cyclades.</P> <P></P> <P>The switch stack 10.0.100.11 responds to SNMP from 10.71.127.73 just fine, but the ASA 10.0.100.254 is no longer responding to them where as it used to prior to replacing hardware.</P> Tue, 26 Jul 2016 02:35:17 GMT https://community.cisco.com/t5/network-security/asa-5520-does-not-respond-to-snmp/m-p/2968013#M161355 richard.schultz1 2016-07-26T02:35:17Z