06-23-2010 04:42 AM
hello, I am using the ASA 5505 firewall. Recently ,i have enabled the snmp in the device so that i can monitor the device through the monitoring tool.
So I installed the Cacti monitoring tool in my server. But the cacti is not showing the firewall graph. Instead, it is showing the SNMP error.
I am puzzled what to do .can anyone help me out ragarding this issue?
my snmp configuration is as follows:
snmp-server host inside x.x.x.x community secretword udp-port 161
snmp-server location Billing Room
snmp-server contact allen
snmp-server community *****
snmp-server enable traps snmp linkup linkdown coldstart
snmp-server enable traps syslog
Note: x.x.x.x represents the server IP address where i have installed cacti tool.
Regards,
Nisha
06-23-2010 05:33 PM
What errors are you seeing on the ASA? That is, is udp/161 being blocked on it or on another hop in the network? If you do a packet capture o
n the ASA, do you see the SNMP packets arriving?
06-23-2010 09:35 PM
hello,
i am not getting any errors related to the snmp in the ASA 5505. now what
can be done further?
waiting for your response.
Regards,
Nisha
On Thu, Jun 24, 2010 at 6:18 AM, jclarke
06-23-2010 09:36 PM
hello,
i am not getting any errors related to the snmp in the ASA 5505. now what can be done further?
waiting for your response.
Regards,
Nisha
06-23-2010 11:26 PM
Hi Nisha,
Can you open debug on asa?
"debug snmp event"
"debug snmp error"
"debug snmp packet"
You can see the server request in this way.
Regards,
06-24-2010 11:18 PM
hello,
The ASA 5505 didnt accept these commands:
"debug snmp event"
"debug snmp error"
"debug snmp packet"
Instead, it accepts only "debug snmp" command.
i hit this command in my machine but still it is not showing any error
messages.
what can be done now?
Regards,
Nisha
On Thu, Jun 24, 2010 at 12:11 PM, yucelbasoglu <
06-25-2010 02:02 AM
ok,
Please read the this document about ASA SNMP Configuration Example.
And,
Please try floowing configuration,
I hope I could help,
Regards,
Issue these commands to permit polling/queries and traps in the PIX:
snmp-server host #.#.#.# !--- IP address of the host allowed to poll !--- and where to send traps. snmp-server community <whatever> snmp-server enable traps
PIX Software Versions 6.0.x and later allow more granularity with regard to traps and queries.
snmp-server host #.#.#.# !--- The host is to be sent traps and can query. snmp-server host #.#.#.# trap !--- The host is to be sent traps and cannot query. snmp-server host #.#.#.# poll !--- The host can query but is not to be sent traps.
PIX/ASA Software Versions 7.x allow more granularity with regard to traps and queries.
hostname(config)#snmp-server host!--- The host is to be sent traps and cannot query !--- with community string specified. hostname(config)#snmp-server host trap community !--- The host can query but is not to be sent traps !--- with community string specified. poll community
Note: Specify trap or poll if you want to limit the NMS to receiving traps only or browsing (polling) only. By default, the NMS can use both functions.
SNMP traps are sent on UDP port 162 by default. You can change the port number with the udp-port keyword.
06-27-2010 11:50 PM
hello,
i already hit these commands. still it is not working.
On Fri, Jun 25, 2010 at 2:47 PM, yucelbasoglu <
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide