https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432436#M712822 <HTML><HEAD></HEAD><BODY><P>Hi Sfanayei,</P><P></P><P>Ok. So I believe you have the static transaltion like this:</P><P></P><P>static (inside,outside) <SPAN lang="EN">192.34.44.1 10.99.1.1</SPAN></P><P><SPAN lang="EN"></SPAN></P><P><SPAN lang="EN">And, you want the external host 130.223.14.1 to coummunicate with your interanl host over snmp, right? Here is the conduit you would need in that case:</SPAN></P><P><SPAN lang="EN"></SPAN></P><P><SPAN lang="EN">conduit permit udp host 192.34.44.1 eq snmp host 130.223.14.1</SPAN></P><P><SPAN lang="EN"></SPAN></P><P><SPAN lang="EN">Regards,</SPAN></P><P><SPAN lang="EN">Ashu.</SPAN></P></BODY></HTML> Wed, 28 Apr 2010 12:10:43 GMT astripat 2010-04-28T12:10:43Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432433#M712819 <P>Hi Dear</P><P></P><P>I have a internal host "10.96.x.x / 192.38.x.x" that i want to comminucate with an external host "130.100.x.x" through my firewall. how can I alow with Condit command for those hosts to communicate with each other with snmp protocoll?</P><P></P><P>Tanks in advance</P><P>Sfanayei</P> Mon, 11 Mar 2019 17:37:23 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432433#M712819 sfanayei 2019-03-11T17:37:23Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432434#M712820 <HTML><HEAD></HEAD><BODY><P>Hi Sfanayei,</P><P></P><P>I believe you want 10.96.1.1 and 192.168.1.1 to communicate with 130.100.1.1 over snmp. Here is the conduit command required for the same:</P><P></P><P>conduit permit udp host 130.100.1.1 eq snmp host 10.96.1.1</P><P>conduit permit udp host 130.100.1.1 eq snmp host 192.168.1.1</P><P></P><P>Regards,</P><P>Ashu</P></BODY></HTML> Tue, 27 Apr 2010 19:20:42 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432434#M712820 astripat 2010-04-27T19:20:42Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432435#M712821 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>Tanks a lot for your reply, but the scenario is in this way:</P><P>My internal host "10.99.1.x" is translated to external ip adresse "192.34.44.x" in my firewall. And there is a external host with ip adress "130.223.14.x" who I want to communicate with snmp to my host through my firewall..</P><P></P><P>Tanks again</P><P>Sfanayei</P></BODY></HTML> Wed, 28 Apr 2010 12:06:31 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432435#M712821 sfanayei 2010-04-28T12:06:31Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432436#M712822 <HTML><HEAD></HEAD><BODY><P>Hi Sfanayei,</P><P></P><P>Ok. So I believe you have the static transaltion like this:</P><P></P><P>static (inside,outside) <SPAN lang="EN">192.34.44.1 10.99.1.1</SPAN></P><P><SPAN lang="EN"></SPAN></P><P><SPAN lang="EN">And, you want the external host 130.223.14.1 to coummunicate with your interanl host over snmp, right? Here is the conduit you would need in that case:</SPAN></P><P><SPAN lang="EN"></SPAN></P><P><SPAN lang="EN">conduit permit udp host 192.34.44.1 eq snmp host 130.223.14.1</SPAN></P><P><SPAN lang="EN"></SPAN></P><P><SPAN lang="EN">Regards,</SPAN></P><P><SPAN lang="EN">Ashu.</SPAN></P></BODY></HTML> Wed, 28 Apr 2010 12:10:43 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432436#M712822 astripat 2010-04-28T12:10:43Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432437#M712823 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>That was helpful:)</P><P></P><P>Sfanayei</P></BODY></HTML> Wed, 28 Apr 2010 12:13:00 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432437#M712823 sfanayei 2010-04-28T12:13:00Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432438#M712824 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>Soory I bother you again.</P><P></P><P></P><P>I get this log from my firewall. I wonther why I don't hit the match on port 161 and 162. I have configured both with port 162 and 162 in conduit command.</P><P>Please look at in the log below.</P><P></P><P></P><P><BR /> %PIX-2-106006: Deny inbound UDP from 130.225.39.2/3405 to 192.34.44.X/162 on interface outside <BR /> %PIX-2-106006: Deny inbound UDP from 130.225.39.2/3388 to 192.34.44.X/162 on interface outside <BR /> %PIX-2-106006: Deny inbound UDP from 130.225.39.2/1033 to 192.34.44.X/162 on interface outside <BR /> %PIX-6-302013: Built outbound TCP connection 125486189 for outside:130.223.14.X/4319 (130.223.14.X/4319) to inside:10.99.1.X/1185 (192.34.44.X/1185) <BR /> %PIX-6-302013: Built outbound TCP connection 125484476 for outside:130.223.14.X/4319 (130.223.14.X/4319) to inside:10.99.1.X/1175&nbsp;&nbsp;&nbsp;&nbsp; (192.34.44.X/1175)</P></BODY></HTML> Wed, 28 Apr 2010 12:29:46 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432438#M712824 sfanayei 2010-04-28T12:29:46Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432439#M712825 <HTML><HEAD></HEAD><BODY><P>Hi Sfanayei,</P><P></P><P>Please add the following codnuit:</P><P></P><P><SPAN class="content"><PRE><SPAN lang="EN">conduit permit udp host 192.34.44.1 eq snmptrap host 130.223.14.1</SPAN></PRE><PRE><SPAN lang="EN"></SPAN></PRE><PRE><SPAN lang="EN">Regards,</SPAN></PRE><PRE><SPAN lang="EN"></SPAN></PRE><PRE><SPAN lang="EN">Ashu</SPAN></PRE></SPAN></P></BODY></HTML> Wed, 28 Apr 2010 12:52:25 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432439#M712825 astripat 2010-04-28T12:52:25Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432440#M712826 <HTML><HEAD></HEAD><BODY><P>Dear <SPAN lang="EN">Ashu</SPAN></P><P></P><P>I had already configured with snmptrap in the same way you had written. And still the same.:(</P><P></P><P>Rgards Sfanayei </P></BODY></HTML> Wed, 28 Apr 2010 13:00:33 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432440#M712826 sfanayei 2010-04-28T13:00:33Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432441#M712827 <HTML><HEAD></HEAD><BODY><P>Hi Sfanayei,</P><P></P><P>Can you paste the config?</P><P></P><P>Regards,</P><P>Ashu</P></BODY></HTML> Wed, 28 Apr 2010 13:07:10 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432441#M712827 astripat 2010-04-28T13:07:10Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432442#M712828 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>Here coms:</P><P></P><P>conduit permit udp host 192.34.44.X eq snmp host 130.223.14.X (hitcnt=0)<BR />conduit permit udp host 192.34.44.X eq snmptrap 130.223.14.X (hitcnt=128)<BR />conduit permit tcp host 192.34.44.X eq 162 host 130.223.14.X (hitcnt=0)<BR />conduit permit tcp host 192.34.44.X eq 161 host 130.223.14.X (hitcnt=0)</P></BODY></HTML> Wed, 28 Apr 2010 13:20:35 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432442#M712828 sfanayei 2010-04-28T13:20:35Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432443#M712829 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Since it is a PIX you can use the counduit command.</P><P>Just out of curiosity, why don't use access-list sice the conduit command has been deprecated?</P><P></P><P>Federico.</P></BODY></HTML> Wed, 28 Apr 2010 13:24:12 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432443#M712829 Federico Coto Fajardo 2010-04-28T13:24:12Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432444#M712830 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>I had to take over the old configuration, and the pix id biult witch conduit and not access-list. But I plan to do so:)</P><P></P><P>Tanks!</P></BODY></HTML> Wed, 28 Apr 2010 13:30:32 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432444#M712830 sfanayei 2010-04-28T13:30:32Z https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432445#M712831 <HTML><HEAD></HEAD><BODY><P>Hi Sfanayei,</P><P></P><P>Please add the following:</P><P></P><P><BR />Add this,</P><P><BR />conduit permit udp host 192.34.44.X eq 161 host 130.223.14.X</P><P></P><P>Remember snmp port 161 is udp and not tcp.</P><P></P><P>Also, let me confirm that your snmp server is on the inside which is statically translated to <SPAN lang="EN">192.34.44.1 and we are trying to poll it from the outside host 130.223.14.X.</SPAN></P><P><SPAN lang="EN"></SPAN></P><P><SPAN lang="EN">Also, I am assuming that we do not have any access-lists configured on the firewall.</SPAN></P><P><SPAN lang="EN"></SPAN></P><P>Let me know how it goes.</P><P></P><P>Ashu</P></BODY></HTML> Wed, 28 Apr 2010 13:31:19 GMT https://community.cisco.com/t5/network-security/snmp-connection-through-pix-515-e/m-p/1432445#M712831 astripat 2010-04-28T13:31:19Z