05-20-2024 07:02 AM
Hello All,
We have a failover pair of Cisco ASA VE running 9.14 and have an issue polling for SNMP. The client device gets no answer, and tracing on the ASA shows the packet arriving and being un-nat from the inside interface to nlp_int_tap interface, and when it gets to the end of the flow it fails with a 'no valid V4 adjacency'.
I can see there is the auto nat rule:
Auto NAT Policies (Section 2)
1 (nlp_int_tap) to (inside) source static nlp_server_0_snmp_intf2 interface service udp snmp snmp
translate_hits = 0, untranslate_hits = 11003
Source - Origin: 169.254.1.2/32, Translated: <redacted internal address>/24
Service - Protocol: udp Real: snmp Mapped: snmp
But does there need to be something added manually to the arp table to make it return the traffic to the client on the other side of the inside interface?
Thanks
Ian
05-20-2024 11:00 AM
Source is 169.254? Why? What is the use-case for having ISE SNMP poll the ASA?
05-21-2024 04:29 AM
Well, that is the thing, it's actually my internal monitoring server, which sits on our LAN on the side of the 'inside' interface. It's got a 10.10.32/20 address and the inside interface has a 10.10.59/24 address. The 169.254.1.2 is the address the kernel interface running snmp has. I'm targeting the inside interface for snmp. This is the un-nat on the first entry on the packet trace.
None of the docs I've read cover doing anything except adding the source hosts.
And it works this morning, for no obvious reason..!