03-14-2007 12:24 PM
Hello,
I have installed LMS 2.5 and upgraded to LMS 2.6 how do i configure my PIX 515e to show up in LMS?
I can not figure out how to set the snmp ro and rw strings.
Solved! Go to Solution.
03-15-2007 09:25 AM
You need to add an snmp-server host command for your CiscoWorks server. For example, if your CiscoWorks server's address is 10.1.1.1, and it is on the inside interface of the PIX:
snmp-server host inside 10.1.1.1
03-14-2007 12:34 PM
You will first need to make sure you have all of the latest RME 4.0.5 device packages installed from Cisco.com. You can do this under Common Services > Software Center > Device Update. The PIX 515E support was added recently.
To add a device and credentials into LMS 2.5+, go to Common Services > Device and Credentials > Device Management, and click Add. First fill in all of the device identity information (i.e. hostname, IP, etc.), then click Next to fill in the credentials (including the community strings).
Note: you only need a read-only community string for PIXes.
03-14-2007 12:34 PM
there is no rw in pix.
03-14-2007 12:40 PM
Ok I have the ro string set in the PIX
However when I run the inventory collection it fails on the PIX with Transport session to device failed. Cause: Authentication failed on device.
03-14-2007 12:58 PM
Inventory Collection or Config Collection? This error looks more like a configuration archive sync message. What version of the Pix RME device package do you have? Does SNMP Walk of the PIX work in the LMS Device Center using the same RO community string you specified in DCR?
03-15-2007 05:05 AM
Failed to snmpwalk the device. Please check your community string and starting OID, and try again.
How do i konw what the starting OID is?
03-15-2007 08:17 AM
The problem is most likely not the starting OID (though you can try .1.3.6.1.2.1.1), but rather with the SNMP configuration on the PIX. What is your configuration? Is the LMS server allowed to query the PIX via SNMP?
03-15-2007 08:42 AM
In the PIX i have these settings
snmp-server location MTR
snmp-server contact ******
snmp-server community ******
snmp-server enable traps snmp
03-15-2007 09:25 AM
You need to add an snmp-server host command for your CiscoWorks server. For example, if your CiscoWorks server's address is 10.1.1.1, and it is on the inside interface of the PIX:
snmp-server host inside 10.1.1.1
03-15-2007 10:36 AM
Ok that worked, so i have to do the same for a VPN 3000 Concentrator?
03-15-2007 10:42 AM
You first need to enable SNMP on the concentrator, then add your strings, and save your configuration. See http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee11f.html#wp999648 for documentation.
03-15-2007 10:55 AM
I have already configured these settings.
03-15-2007 11:06 AM
Then double-check the community string is valid DCR for the Concentrator, and make sure there are no firewalls between the LMS server and the Concentrator that could be blocking SNMP.
You should also check your Concentrator filters and rules to see if you're blocking SNMP. That is done under Configuration > Policy Management > Traffic Management.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide