Re: Cisco ASA - Configure SNMP

ciscokalpesh · ‎03-29-2010

Hi,

We have network management server. I have configured SNMP on our Cisco ASA 5520 device accordingly. My network management server can view the Firewall and i have also added the device in the server list. But i cannot see the interface through the server. We also want to configure it to monitor vpn traffic but it says that SNMP is down.

Can someone guide what steps should i configure to make sure snmp is correctly configured in Cisco ASA 5520 so that i can monitor the interface and its bandwidth ?

Thanks in advance.

K.

Jennifer Halim · ‎03-29-2010

Here is configuration guide to configure SNMP on ASA:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

Hope that helps.

ciscokalpesh · ‎03-29-2010

Hi,

Thanks for reply.

I have gone through that document and steps. Configuration for SNMP is quite simple. But i am not able to see the interfaces from my Network Management server. All other devices configured are fine, except the firewall.

Do we have to configure anything related to its interface ?

Thanks again,

K.

Jennifer Halim · ‎03-29-2010

What version of ASA are you running?

ciscokalpesh · ‎03-29-2010

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Jennifer Halim · ‎03-30-2010

You might want to check if the Network Management server has the correct MIB for ASA firewall.

Here is the MIB for ASA firewall for your reference:

ftp://ftp-sj.cisco.com/pub/mibs/supportlists/asa/asa-supportlist.html

ciscokalpesh · ‎03-31-2010

Hi,

I check with the support people of the network management server. They said, that there is no need to change MIB on the server or so.

I have configured the firewall as below,

snmp-server host inside 192.168.168.32 community ASASNMP version 2c
no snmp-server location
no snmp-server contact
snmp-server community ASASNMP
snmp-server enable traps syslog

Please guide if anything is incorrect or more configuration is required.

Thanks,

K

Jennifer Halim · ‎03-31-2010

Yes, that looks correct. The SNMP configuration on ASA is very simple, and if the NMS server can poll other things but the ASA interfaces, it doesn't seem to be an ASA issue. It sounds more like a MIB issue.

If you configure packet capture on the inside interface of the ASA for the SNMP poll traffic, can you check in pcap format the snmp poll packet especially for the interface polling.

Sergey Prishchepa · ‎02-11-2012

Please help. I configured snmp on the ASA like this

snmp-server host inside 192.168.168.32 community ASASNMP

no snmp-server location

no snmp-server contact

snmp-server community ASASNMP

snmp but the server did not receive.

Also for the ACA have a router on it, I also set up

snmp-server community ro ASASNMP

and also did not get. While all the other devices on the network all about. Please help. I configured snmp on the ASA like this

snmp-server host inside 192.168.168.32 community ASASNMP
no snmp-server location
no snmp-server contact
snmp-server community ASASNMP

snmp but the server did not receive.
Also for the ACA have a router on it, I also set up

snmp-server community ASASNMP ro
and also did not get. While all the other devices on the network all about.

mvsheik123 · ‎02-13-2012

Hi Kalpesh,

Do you have any other firewall in between? If so, it may be blocking the UDP traffic. If not, What is your managment software & version? It appears to be the issue with MIBs on management station. Apart from support, did you try to search online? You may not be the first one who is having this issue with this management software.

Thx

MS