06-07-2021 06:15 AM
Hi,
I'm trying to add to my Zabbix monitoring our remote ASA5506X and I can't seem to figure out why I'm getting a No SNMP data collection. I've followed the configuration's suggested on this link
and I still don't know what I'm doing wrong. So far its the only network device not part of my monitoring right now.
Configuration is as follows:
ASA5506X-FW01# show run snmp-server
snmp-server host inside 10.11.15.31 community test version 2c udp-port 161
no snmp-server location
no snmp-server contact
snmp-server community test
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change cpu-temperature chassis-temperature accelerator-temperature
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
snmp-server enable traps config
logs just keep showing this:
6 | Jun 07 2021 | 9:12:06 | 302016 | 10.11.15.31 | 44025 | 10.11.240.130 (inside interafce) | 161 | Teardown UDP connection 674240 for outside:10.11.15.31/44025 to inside:10.11.240.130/161 duration 0:02:01 bytes 88 |
any help would be appreciated.
Thanks
Solved! Go to Solution.
06-07-2021 07:10 AM
my first impression is : this works ! the log reports snmp packets (possibly traps?) are sent to the destination
for the Zabix to query the ASA you also need to follow the section containing
The ASA uses tinterface with address 10.11.240.130 as the source interface for packets sent to the specified snmp-server 10.11.15.31
and suggest these command for troubleshooting
If the NMS cannot request objects successfully or is not handing incoming traps from the ASA correctly, use a packet capture to isolate the problem, by entering the following commands:
ciscoasa (config)# access-list snmp permit udp any eq snmptrap any
ciscoasa (config)# access-list snmp permit udp any any eq snmp
ciscoasa (config)# capture snmp type raw-data access-list snmp interface mgmt
ciscoasa (config)# copy /pcap capture:snmp tftp://192.0.2.5/exampledir/snmp.pcap
06-07-2021 07:10 AM
my first impression is : this works ! the log reports snmp packets (possibly traps?) are sent to the destination
for the Zabix to query the ASA you also need to follow the section containing
The ASA uses tinterface with address 10.11.240.130 as the source interface for packets sent to the specified snmp-server 10.11.15.31
and suggest these command for troubleshooting
If the NMS cannot request objects successfully or is not handing incoming traps from the ASA correctly, use a packet capture to isolate the problem, by entering the following commands:
ciscoasa (config)# access-list snmp permit udp any eq snmptrap any
ciscoasa (config)# access-list snmp permit udp any any eq snmp
ciscoasa (config)# capture snmp type raw-data access-list snmp interface mgmt
ciscoasa (config)# copy /pcap capture:snmp tftp://192.0.2.5/exampledir/snmp.pcap
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide