
SNMP allow rule is bidirectional?

MrBeginner

Hi,

I would like to ask about the SNMP allow rule in ASA. Let's say our network is like below.

App Server--->switch-->ASA--->SNMP server

 

I configured SNMP on the server and switch to send logs to the SNMP server.

I want to know if a one-direction rule is enough: traffic source = App server/switch and destination = SNMP server.

Do I need to add a rule allowing the SNMP server to the App server/switch also?

4 Replies

@MrBeginner if the SNMP server is on an interface with a lower security level, and the connection is initiated from the lower security level interface, then you need to explicitly permit the SNMP traffic.

Hi @Rob Ingram,

So is enabling only one-way traffic (port 162) from the device to the SNMP server enough?

@MrBeginner depends on the security level or if you've configured an ACL.

SNMP traps (udp/162) are sent from the device (switch/router) to the SNMP server.
SNMP queries (udp/161) are sent from the SNMP server to the device (switch/router).

So you only need to permit as above; the ASA is stateful and will permit the return traffic.
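
The two flows described in the reply above, written as ASA ACL entries. This is an added example, not part of the original thread; the interface names (`inside`, `outside`), the ACL and object names, and all addresses are assumptions chosen for illustration, and no NAT is shown.

```cisco
! Constructed addresses: monitored devices behind "inside",
! SNMP server behind "outside". Assumes the server can route to the
! devices' real addresses.
object network SNMP-SERVER
 host 192.0.2.50
object-group network SNMP-AGENTS
 network-object host 10.10.10.20
 network-object host 10.10.10.2
!
! Traps: device -> server, udp/162. The device initiates the flow, so the
! entry belongs on the interface the devices sit behind. With no ACL bound
! to a higher-security interface this flow is allowed implicitly; the entry
! is needed once an ACL is applied there.
access-list INSIDE_IN extended permit udp object-group SNMP-AGENTS object SNMP-SERVER eq snmptrap
!
! Queries: server -> device, udp/161. The server initiates from the
! lower-security side, so this needs an explicit permit.
access-list OUTSIDE_IN extended permit udp object SNMP-SERVER object-group SNMP-AGENTS eq snmp
!
! No mirror entries for the replies: the ASA tracks each UDP flow and
! lets the return packets back through.
!
! Bind the ACLs. If an interface already has an inbound ACL, add the
! permit line to that ACL instead of binding a new one.
access-group INSIDE_IN in interface inside
access-group OUTSIDE_IN in interface outside
```

Scoping both entries to the specific server and device addresses, rather than `any`, keeps udp/161 from being reachable by other hosts on the lower-security side.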

Hi @Rob Ingram,

If I only want to monitor my network device status (CPU, memory, interface up/down), is 162 to the SNMP server enough?

 
