I recently replaced a pair of 5510s with 5520s going from 8.2 to 9.1. Aside from ACLs being cleaned WAY up, that's the only thing that's really changed here. The 5510s worked fine in NMS (Orion), but the 5520s will not.
SNMP in this case goes over a site to site tunnel (remote location) on an interface labeled management:
snmp-server host management 10.71.127.73 community *****
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
GigabitEthernet0/2.100 management 10.0.100.254 255.255.255.0 CONFIG
access-list CardAccessVPN extended permit ip 10.0.100.0 255.255.255.0 10.71.127.0 255.255.255.0 (tunnel ACL)
NMS is on 10.71.127.73
I have the switch stack at this location (10.0.100.11) polling just fine.
I can see this at least:
UDP outside 10.71.127.73:56514 management 10.0.100.254:161, idle 0:00:00, bytes 45, flags -
UDP outside 10.71.127.73:56768 management 10.0.100.254:161, idle 0:00:01, bytes 192, flags -
UDP outside 10.71.127.73:58258 management 10.0.100.254:161, idle 0:00:05, bytes 147, flags -
UDP outside 10.71.127.73:57766 management 10.0.100.11:161, idle 0:00:13, bytes 6724, flags -
UDP outside 10.71.127.73:61260 management 10.0.100.11:161, idle 0:00:21, bytes 86, flags -
Community and version match what I'm polling with on NMS - like I said, the "base" configs are the same. I cannot snmp walk the device either outside of Orion.
I've tried removing and re-adding the node in Orion, but no luck.
the 'management' interface usually responds to traffic where the ASA itself is the destination (i.e. ping, SSH, etc), but can't pass any transit traffic through the ASA to or from another interface. do you have this line under 'management' interface?
"management" in this case is really just a moniker for our management vlan(s), not the actual management interface itself.
On this network it's the firewall itself as the gateway, a 3850 switch stack, a KVM, and a Cyclades.
The switch stack 10.0.100.11 responds to SNMP from 10.71.127.73 just fine, but the ASA 10.0.100.254 is no longer responding to them where as it used to prior to replacing hardware.