Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1738
Views
5
Helpful
1
Replies

Help in configuring SNMP for ASA5506X

Go to solution
ShadowoftheDarkgod
Level 1
Level 1

‎06-07-2021 06:15 AM

Hi,

 

I'm trying to add to my Zabbix monitoring our remote ASA5506X and I can't seem to figure out why I'm getting a No SNMP data collection. I've followed the configuration's suggested on this link

 

CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.15 - SNMP [Cisco Adaptive Security Appliance (ASA) Software] - Cisco

 

and I still don't know what I'm doing wrong. So far its the only network device not part of my monitoring right now.

 

Configuration is as follows:

 

ASA5506X-FW01# show run snmp-server
snmp-server host inside 10.11.15.31 community test version 2c udp-port 161
no snmp-server location
no snmp-server contact
snmp-server community test
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change cpu-temperature chassis-temperature accelerator-temperature
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
snmp-server enable traps config

 

logs just keep showing this:

 

6Jun 07 20219:12:0630201610.11.15.3144025

10.11.240.130

(inside interafce)

161Teardown UDP connection 674240 for outside:10.11.15.31/44025 to inside:10.11.240.130/161 duration 0:02:01 bytes 88

 

any help would be appreciated. 

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pieterh
VIP
VIP

‎06-07-2021 07:10 AM

my first impression is : this works ! the log reports snmp packets (possibly traps?) are sent to the destination
for the Zabix to query the ASA you also need to follow the section containing 
The ASA uses tinterface with address 10.11.240.130 as the source interface for packets sent to  the specified snmp-server 10.11.15.31

and suggest these command for troubleshooting

If the NMS cannot request objects successfully or is not handing incoming traps from the ASA correctly, use a packet capture to isolate the problem, by entering the following commands:


ciscoasa (config)# access-list snmp permit udp any eq snmptrap any
ciscoasa (config)# access-list snmp permit udp any any eq snmp
ciscoasa (config)# capture snmp type raw-data access-list snmp interface mgmt
ciscoasa (config)# copy /pcap capture:snmp tftp://192.0.2.5/exampledir/snmp.pcap

 

View solution in original post

1 Reply 1

Go to solution
pieterh
VIP
VIP

‎06-07-2021 07:10 AM

my first impression is : this works ! the log reports snmp packets (possibly traps?) are sent to the destination
for the Zabix to query the ASA you also need to follow the section containing 
The ASA uses tinterface with address 10.11.240.130 as the source interface for packets sent to  the specified snmp-server 10.11.15.31

and suggest these command for troubleshooting

If the NMS cannot request objects successfully or is not handing incoming traps from the ASA correctly, use a packet capture to isolate the problem, by entering the following commands:


ciscoasa (config)# access-list snmp permit udp any eq snmptrap any
ciscoasa (config)# access-list snmp permit udp any any eq snmp
ciscoasa (config)# capture snmp type raw-data access-list snmp interface mgmt
ciscoasa (config)# copy /pcap capture:snmp tftp://192.0.2.5/exampledir/snmp.pcap

 

Customers Also Viewed These Support Documents