cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
574
Views
5
Helpful
5
Replies

Castlerock SNMPc - And PIX Firewalls

davidjkent
Level 1
Level 1

Hi All,

I've just installed SNMPc (6) and discovered various parts of the network.

When Polling the PIX firewalls (running ver 6.3x) the inside interface responds but the DMZ interfaces and the outside interface don't.

They are being polled using status variable "RFC1213-MIB|ifOperStatus.6"

and OID CISCO-SMI|ciscoProducts.451

There doesn't seem to be much in the way of MIBs for the PIX's but I'd have thought you could get the intefaces status.

The SNMPc box sits on the inside network

any ideas?

Thanks

5 Replies 5

Patrick Iseli
Level 7
Level 7

Here is the link where you can find the MIB for the PIX.

Using SNMP with the Cisco Secure PIX Firewall:

http://www.cisco.com/warp/public/110/pixsnmp.html#mibsupportbyversion

sincerely

Patrick

davidjkent
Level 1
Level 1

Patrick thanks for the reply but it didn't address my question

Have you read the whitepaper and have you tryed with the CISCO-PROCESS-MIB-V1SMI.my MIB.

I never used CastleRock but it works without problem for MRTG and Solarwinds and I have never had troubles to get all interface stats.

I thought it might be problem with the MIB that you are using that might use the wrong OID.

PIX Firewall Software Versions 6.2.x and later: Previous MIBs and CISCO-PROCESS-MIB-V1SMI.my.

Note: The supported section of the PROCESS MIB is the cpmCPUTotalTable branch of the cpmCPU branch of the ciscoProcessMIBObjects branch. There is no support for the ciscoProcessMIBNotifications branch, ciscoProcessMIBconformance branch, or the two tables, cpmProcessTable and cpmProcessExtTable, in the cpmProcess branch of the ciscoProcessMIBObjects branch of the MIB

:-(

Thanks again for your assistance Patrick.

I managed to figure out the problem... SNMPc was trying to poll the IP addresses of the interfaces to get SNMP info. e.g to get the status of the oputside interface it polled the outside interface IP and got no response. I modified the program use the inside interface to gather SNMP info for all the intefaces and if works fine. (hope that makes sense)

Regards

David

j.docio
Level 1
Level 1

Hi,

Surelly I'm worng, but I remember that you cann't access (ping, telnet, snmp) to a PIX ussing a remote interface.

YOU--- outside-PIX-inside.

You can use ping/snmp to the outside interface (nearest interface to you), but you can do it to inside.

Hope this help ( and sorry by my english).

Juan.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: