Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1174
Views
0
Helpful
4
Replies

Entirely open firewall still blocking SNMP

Samuel8rown
Level 1
Level 1

‎09-08-2008 04:41 PM - edited ‎03-11-2019 06:41 AM

Somehow my FWSM is reporting SNMP requests blocked by an ACL, despite the ACL on the interface having only the two rules that permit all IP and all ICMP. Anyone encounter this before or know what's up?

Sample logged message from an SNMP request:

%FWSM-3-710003: UDP access denied by ACL from 155.155.155.155/2468 to outside:177.177.177.177/snmp

Addresses anonymized to protect the innocent.

Labels:
0 Helpful
4 Replies 4

ariesc_33
Level 1
Level 1

‎09-08-2008 06:24 PM

this could be related to nat..

"Some other protocols have problems with NAT. For example, SNMP network management generally does not work through a NAT point, because SNMP tools retrieve the IP addresses of devices. Since the format of the payload bearing the IP addresses is rather complex, no NAT device that I know of attempts to fix up the payload addresses. I know of a company that tried to develop code to handle this, and found it difficult..........."

http://www.netcraftsmen.net/welcher/papers/pix03.html

0 Helpful

Samuel8rown
Level 1
Level 1
In response to ariesc_33

‎09-08-2008 07:13 PM

Good thought. All the addresses on the system are NATted back to themselves, but having pointed SNMP at the ingress address, I didn't have the NAT bypass on its subnet. I'll have to give that a try.

0 Helpful

Samuel8rown
Level 1
Level 1
In response to Samuel8rown

‎09-08-2008 07:17 PM

Nope. No love.

0 Helpful

matej.polak
Level 1
Level 1

‎09-09-2008 03:00 AM

Make "no access-group your_ACL in outside" and put it back.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card