snmp polling across firewalls

Roy Lindo — Tue, 12 Mar 2019 03:15:25 GMT

I have an issue with my firewalls polling my snmp stations. The issue is that my smnp server is unable to poll a connected interface on the firewall on a different network. We are using two /24 networks across a managed connection for redundancy purposes. At either end of the managed connection there is an asa firewall, the firewalls are configured with /24 networks. There is a snmp server on one of the /24 network on either side of managed connection, the servers default gateway points to the firewall connected interface i.e snmp server 1 has an IP address of 10.10.30.13/24 and a gateway of 10.10.30.1 (firewall 1) and snmp server 2 on the other side of the managed connection has a ip address of 10.10.31.13/24 and a gateway of 10.10.31.1(firewall 2), the .1 addresses are the physical interfaces on the friewalls. There is a transit network configured between the firewalls to allow for the routing of traffic between the 10.10.30/24 and 10.10.31/24 networks. The transit network has an interface with an IP address 10.10.222.1/31 on the firewall on the left side (firewall 1) of the managed connection and an IP address of 10.10.222.2/31 on the firewall on the right side (firewall 2) of the managed connection. Routes have been set up on the firewalls to the 10.10.30.0/24 and 10.10.31.0/24 via the transit network.

The problem I am having is that the snmp server at 10.10.30.13/24 is not able to poll the firewall interface 10.10.31.1 (firewall 2) and the server at 10.10.31.13 is also not able to poll the firewall interface at 10.10.30.1 (firewall 1)

The routing and snmp configuration is listed below:

Firewall 1

route

10.10.31.0/24 via 10.10.222.1

Snmp config

Listerning port 161

snmp host access list

interface_name 10.10.30.13, community string, snmp version 2c, poll/trap, port 162

A any any access rule is used on the transit interface on either side of the connection

and a access list has been configured on 10.10.30.1 interface which allows snmp traffic from 10.10.31.13

Firewall 2

route

10.10.30.0/24 via 10.10.222.2

Snmp config

Listerning port 161

snmp host access list

interface_name 10.10.31.13, community string, snmp version 2c, poll/trap, port 162

A any any access rule is used on the transit interface on either side of the connection

and a access list has been configured on 10.10.31.1 interface which allows snmp traffic from 10.10.30.13

I have been looking at this problem for sometime without much success, can you kindly help

snmp polling across firewalls

Julio Carvajal — Tue, 10 Dec 2013 17:11:26 GMT

Hello Roy,

Do you mean it's not able to get data for that interface???

Or do you mean you are trying to connect to that IP address?? Cause if that is the case it will never happen as you cannot contact a distant interface (If I am on inside I can ping , ssh, telnet inside but If I will never be able to contac the DMZ interface IP address or outside,etc)

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

snmp polling across firewalls

Roy Lindo — Tue, 10 Dec 2013 21:54:20 GMT

Hello julio,

I am not getting data. I would have thought it possible for the snmp server to poll the firewall interface. I am not seeing any hits on the rule for the cross site connection i.e the snmp server 1 to firewall 2 or snmp server 2 to firewall 1

topic snmp polling across firewalls in Network Security

snmp polling across firewalls

snmp polling across firewalls

snmp polling across firewalls