devices send snmp trap to stealthwach

dijix1990 · ‎02-16-2023

I noticed strange situation, I configured netflow exporter on the asa's and snmp server for SMC to get name of interfaces, and I can see that SMC sent snmp request to device >161/udp, but device response to 162/udp. Why does it happen?

flow-export destination inside 192.168.0.55 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60

class-map Netflow_Monitor
match any


policy-map global_policy
class Netflow_Monitor
  flow-export event-type all destination 192.168.0.55

SNMP:
snmp-server host inside 192.168.0.50 community snmpCom ver 2c

Marius Gunnerud · ‎02-16-2023

UDP/161 is used for SNMP polling by default, and UDP/162 is used by the device to send unsolicited SNMP traps.

did this answer your question?

--
Please remember to select a correct answer and rate helpful posts

dijix1990 · ‎02-16-2023

Hi, I know it, use it in zabbix, but why ASA sends snmp trap to SMC, maybe it usual situation for connecting with SMC, because I didn't configure snmp trap, I try to understand why my CPI server can get snmp response and SMC can't, configuration the same and when I start to check session and noticed that asa send snmp trap

dijix1990 · ‎02-16-2023

I found, when you run command -

snmp-server host inside 192.168.0.50 community snmpCom ver 2c

asa does it as

snmp-server host inside 192.168.0.50 community snmpCom ver 2c udp-port 162

so, it's because of asa behavour

Marius Gunnerud · ‎02-17-2023

Well, yes. When you define an SNMP server you are essentially telling the ASA to send SNMP traps to that server. If you do not want the ASA to send any SNMP traps remove the commands for snmp-server enable traps

--
Please remember to select a correct answer and rate helpful posts