ASA 5508 - SNMP is not working on Management1/1 "diagnostic" interface

ABaker94985
Spotlight

The diagnostic interface is reachable over a VPN tunnel by our NMS server (can ping and ssh into it), but the firewall (ASA 5508X running FTD 7.0.1, managed mostly by CDO except for SNMP and DHCP relay (argh!!)) isn't responding to SNMPv3 queries - nothing comes back as shown in Wireshark. I noticed that a public community string is configured by default (why??!!!), and it isn't responding for this either. Does anything have to be configured for the diagnostic interface for the firewall to respond? Thank you.


snmp-server group AUTH v3 auth
snmp-server group PRIV v3 priv
snmp-server group NOAUTH v3 noauth
snmp-server user asasnmp PRIV v3 engineID 8000e1320dff8b4eadcb2d2637d encrypted auth sha 51:d5:1b:1c:2b:ac:15:12:af:81:9b:f5:3f priv aes 128 22:50::bc:45:72:f8:7e:7a:3c:dd
snmp-server host diagnostic 10.1.1.1 version 3 mysnmp

snmp-server location null
snmp-server contact null
snmp-server community public
class-map class_snmp
class class_snmp
inspect snmp

snmp-server location null
snmp-server contact null
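A consistency check of the kind I would run over the snmp-server lines above before touching the device, added here as an example (not part of the original post and not a Cisco tool). The sample is a constructed copy of the posted lines with the engineID and encrypted keys replaced by placeholders; on it the check reports the v3 host entry that references a user name which is not defined, and the leftover v1/v2c "public" community.

```python
# Constructed sample that mirrors the snmp-server lines in the post above;
# the engineID and the encrypted auth/priv keys are replaced with placeholders.
SAMPLE_CONFIG = """\
snmp-server group AUTH v3 auth
snmp-server group PRIV v3 priv
snmp-server group NOAUTH v3 noauth
snmp-server user asasnmp PRIV v3 engineID ENGINEID_PLACEHOLDER encrypted auth sha KEY_PLACEHOLDER priv aes 128 KEY_PLACEHOLDER
snmp-server host diagnostic 10.1.1.1 version 3 mysnmp
snmp-server community public
"""


def parse_snmp_config(text):
    """Collect v3 groups, v3 users, hosts and v1/v2c communities from ASA snmp-server lines."""
    groups, users, hosts, communities = {}, {}, [], []
    for line in text.splitlines():
        p = line.split()
        if len(p) < 3 or p[0] != "snmp-server":
            continue
        if p[1] == "group" and len(p) >= 5 and p[3] == "v3":
            groups[p[2]] = p[4]                      # group name -> noauth | auth | priv
        elif p[1] == "user" and len(p) >= 5 and p[4] == "v3":
            users[p[2]] = p[3]                       # user name -> group name
        elif p[1] == "host" and "version" in p[:-1]:  # "version" must be followed by a value
            i = p.index("version")
            hosts.append({"iface": p[2], "addr": p[3], "version": p[i + 1],
                          "user": p[i + 2] if p[i + 1] == "3" and len(p) > i + 2 else None})
        elif p[1] == "community":
            communities.append(p[2])
    return groups, users, hosts, communities


def audit_snmp(text):
    """Return a list of findings: dangling references and weak settings."""
    groups, users, hosts, communities = parse_snmp_config(text)
    findings = [f"v1/v2c community '{c}' is configured (unauthenticated, cleartext)"
                for c in communities]
    for name, group in users.items():
        if group not in groups:
            findings.append(f"user '{name}' references undefined group '{group}'")
    for h in hosts:
        if h["version"] != "3":
            findings.append(f"host {h['addr']} ({h['iface']}) uses SNMPv{h['version']}; prefer v3")
        elif h["user"] not in users:
            findings.append(f"host {h['addr']} ({h['iface']}) references undefined v3 user '{h['user']}'")
        elif groups.get(users[h["user"]]) != "priv":
            findings.append(f"host {h['addr']} ({h['iface']}) uses v3 user '{h['user']}' below authPriv")
    return findings
```

Run `audit_snmp` over the output of `show running-config snmp-server`; a host entry whose user name does not match a defined `snmp-server user` is the first thing to rule out, and any `snmp-server community` line should be removed unless a v1/v2c poller genuinely needs it.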

3 Replies

balaji.bandi
Hall of Fame

Not sure what is wrong based on the config provided? Is the management IP reachable to the NMS:


Check the config again:


https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/213971-configure-snmp-on-firepower-ngfw-applian.html


BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

It is reachable - I can both ping and ssh into the management interface from the NMS. SNMP was configured without error according to https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/216551-configure-and-troubleshoot-snmp-on-firep.html


I've considered moving the SNMP configuration to the outside interface, but at this point I can't figure out how to remove the public community string that was preconfigured on the FTD. The firewall doesn't appear to be responding to the public string on the outside interface currently, and I don't really want to insert another one I know will be responding.

I have the same issue with my FTDs. Documentation states that SNMP from the management interface is supported but I have not been able to get it working. We have also moved the SNMP to data interfaces instead.

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card