https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205823#M351148 <HTML><HEAD></HEAD><BODY><P>BTW, I already had a case open with Cisco because management-access didn't work for me earlier for pings either. So I asked Cisco Tech if there was a feature to support SNMP over management-access was in flight. He pointed me to following bug ID which is not exactly the same but similar.</P><H6><A href="https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&amp;page=bstBugDetail&amp;BugID=CSCsc06844" target="_blank">CSCsc06844</A></H6><P></P><P>Since this bug ID has severity of 6, I don't know if it will ever get implemented.</P><P></P><P>Nextscreen, Juniper SRX, Palo Alto allows polling of inside interface over the tunnel so I am not sure it would not be a rocket science. It just doesn't seem to fit Cisco's priority because many people have not complained.</P></BODY></HTML> Wed, 24 Apr 2013 14:36:50 GMT smunzani 2013-04-24T14:36:50Z https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205820#M351145 <P>Hi,</P><P></P><P>I am trying to poll remote ASA firewalls across lan-to-lan VPN. With "<SPAN style="font-size: 10pt;">management-access inside" command I can ssh, telnet or ping remote ASA's inside interface without any problems. However I am unable to do the snmp polling.</SPAN></P><P></P><P>Below are my snmp commands.</P><P>snmp-server host outside 172.24.100.35 community *****</P><P>snmp-server host comcast 172.24.100.35 community *****</P><P>snmp-server community *****</P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart</P><P>snmp-server enable traps syslog</P><P></P><P>Below is command I am using to test. </P><P>snmpwalk -c Tampico-R0 -v 1 10.1.55.1</P><P></P><P>10.1.55.1 is remote ASA's inside interface.</P><P>172.24.100.35 local management station.</P><P></P><P>Any pointers? How can I poll remote ASA over the VPN?</P><P></P><P>Thanks in advance,</P><P></P><P></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P> Tue, 12 Mar 2019 01:33:53 GMT https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205820#M351145 smunzani 2019-03-12T01:33:53Z https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205821#M351146 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Maybe you can check an discussion from some time ago where I tested SNMP through L2L VPN.</P><P></P><P><A _jive_internal="true" href="https://community.cisco.com/message/3603117#3603117" rel="nofollow">https://supportforums.cisco.com/message/3603117</A></P><P></P><P>I think there might be a limitation on the command "management-access". I guess it only enables ICMP and management connections to the said interface through the L2L VPN.</P><P></P><P>What I tested before and what was discussed in the above linked discussion was to use the SNMP server command with the "outside" interface AND including the "outside" IP address as part of the L2L VPN configurations so that you can use the remote ASA "outside" interface as the interface for SNMP connections.</P><P></P><P>Hope this helps <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 24 Apr 2013 02:18:20 GMT https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205821#M351146 Jouni Forss 2013-04-24T02:18:20Z https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205822#M351147 <HTML><HEAD></HEAD><BODY><P>You are absolutely right. Management-access command seems to work for telnet, ssh and ping but no snmp. I included public interface in the encryption domain and was able to access it across the VPN. I wish Cisco fixed internal interface for snmp too to keep the VPNs simple.</P></BODY></HTML> Wed, 24 Apr 2013 02:37:58 GMT https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205822#M351147 smunzani 2013-04-24T02:37:58Z https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205823#M351148 <HTML><HEAD></HEAD><BODY><P>BTW, I already had a case open with Cisco because management-access didn't work for me earlier for pings either. So I asked Cisco Tech if there was a feature to support SNMP over management-access was in flight. He pointed me to following bug ID which is not exactly the same but similar.</P><H6><A href="https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&amp;page=bstBugDetail&amp;BugID=CSCsc06844" target="_blank">CSCsc06844</A></H6><P></P><P>Since this bug ID has severity of 6, I don't know if it will ever get implemented.</P><P></P><P>Nextscreen, Juniper SRX, Palo Alto allows polling of inside interface over the tunnel so I am not sure it would not be a rocket science. It just doesn't seem to fit Cisco's priority because many people have not complained.</P></BODY></HTML> Wed, 24 Apr 2013 14:36:50 GMT https://community.cisco.com/t5/network-security/snmpget-to-the-firewall-inside-interface-across-lan-to-lan-vpn/m-p/2205823#M351148 smunzani 2013-04-24T14:36:50Z