management interface

ohassairi · ‎07-14-2011

Hi

we are using ciscoworks LMS station to telnet and http to one ASA firewall via its management interface.

now if i want to add this firewall to cwLMS,:

- if i will define it by its managent interface ASA will not accept SNMP traffic on this interface (only telnet/ssh/asdm are allowed)

-if i will define it by its internal interface, SNMP traffic can reach the ASA but the problem is in the return path. in fact for the ASA cw station is reacheable via management interface not internal. so a reverse path error will be displayed in log mesages.

i don't know if it is possible to let the asa accept snmp traffic on its managemt interface ?

brquinn · ‎07-15-2011

The ASA has no problem responding to SNMP polling on its Management interface. Just to be sure, I tested it quickly in the lab and had no problem running a snmpwalk against a "management-only" interface.

Thanks,

Brendan

ohassairi · ‎07-16-2011

thank you Brendan for your reply.

my management interface is in the same subnet as CW

when i try to add the asa to cw, i am getting 0 in snmp statistics. that's why i thought it does not accept snmp.

note that i can add other routers in CW.

INT-1M-FW# sho snmp statistics

0 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Get-bulk PDUs

0 Set-request PDUs (Not supported)

0 SNMP packets output

0 Too big errors (Maximum packet size 512)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

0 Trap PDUs