
snmp orion question

Vishnu Reddy
Level 1

Hi Guys,

 

I have an Orion NetFlow server with IP address 192.168.5.68. I am trying to add a node (Internet Router, IOS 12.x) from the Internet to be represented in NetFlow for traffic monitoring. The Orion server talks to the Internet through the ASA, and to the Internet Router node which I am trying to add to Orion NTA.

I tried to apply static NAT statements on the ASA so that Orion can talk to the Internet router.

 

static (inside,outside) 111.111.111.111 192.168.5.68 netmask 255.255.255.255

access-list outside_access_in extended permit udp any host 111.111.111.111 eq snmp

access-list outside_access_in extended permit tcp any host 111.111.111.111 eq 2055

 

Port 2055 is the port that is used by Orion NTA to collect netflow traffic.

 

Internet router

G0/1 123.123.123.254 - connected to ASA - Outside of ASA - 123.123.123.1

G0/0 123.123.122.1 - Connected to Verizon Internet with default route 0.0.0.0 0.0.0.0 123.123.123.254 point to Verizon internet

 

Netflow configuration on the Internet router:

ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination 111.111.111.111 2055

int g0/1

ip flow ingress

ip flow egress

 

Please tell me whether the above configuration will work or whether there is another way to configure this.

 

Thanks in advance


 

 

 

18 Replies

Eventually I was able to add the node to Orion. I took some time to achieve this. The issue was that I was not allowing the access-list on the inside interface for SNMP.

Thanks for your help. Appreciate it.

You're welcome. Please take a moment to rate any helpful replies.

Hi Marvin,

Thanks for your reply. The Internet router has no access-list applied on either interface. Does that mean it is permitting all traffic, e.g. SNMP, TCP, UDP, etc.? It is pointing to a default route toward Verizon Internet.

I should bother putting an access-list in order to make it work, like allowing SNMP traffic.

Thanks in advance

You're welcome.

When we enable SNMP on publicly exposed routers it is a best practice to protect SNMP with an access-list as well as use SNMPv3 with PrivAuth (Privacy and Authentication). Orion NPM supports that fine so it shouldn't be a problem.

Please take a moment to rate helpful posts.
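
An added example (not part of the original thread) of the hardening described in the last reply, written as IOS configuration for the Internet router: SNMPv3 with authentication and privacy, restricted by an access-list to the Orion server's translated address 111.111.111.111 from the static NAT in the question. The ACL, view, group and user names and the passphrase and community placeholders are assumptions, and `priv aes 128` needs an IOS image with crypto support.

```cisco
! Constructed example; SNMP-ORION, ORION-RO, ORION-GRP and orion-poller
! are hypothetical names, and the <...> values are placeholders.
!
! Weak form this replaces: a v1/v2c community reachable from any source
!   snmp-server community <OLD-COMMUNITY-STRING> RO
!
! Only the Orion server, as seen after the ASA static NAT, may poll.
ip access-list standard SNMP-ORION
 permit host 111.111.111.111
 deny   any log
!
! Read view over the MIB tree; the group below is granted no write view.
snmp-server view ORION-RO iso included
!
! "priv" requires both authentication and encryption for this group,
! and "access" binds the group to the ACL above.
snmp-server group ORION-GRP v3 priv read ORION-RO access SNMP-ORION
snmp-server user orion-poller ORION-GRP v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>
!
! Remove any remaining v1/v2c community once Orion polls over v3.
no snmp-server community <OLD-COMMUNITY-STRING>
!
! Verify with: show snmp user / show snmp group / show access-lists SNMP-ORION
```

The node in Orion then has to be set to SNMPv3 with the same user name, authentication and privacy settings; the `deny any log` entry makes rejected polling attempts visible in the router log.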