Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
889
Views
0
Helpful
1
Replies

SNMP Trap Packets not reaching NMS Server

ngijare
Level 1
Level 1

‎04-21-2005 11:54 PM - edited ‎02-21-2020 12:05 AM

I have following network connectivity -

Client network --> Client Checkpoint firewall --> IPSec tunnel --> Cisco 3000 VPN Concentrator --> PIX Firewall --> NMS Server LAN

Using this connection, I am doing SNMP Management for all client network devices.

I am facing a strange problem. When I do SNMP polling, I receive proper data from my monitored devices. But when the monitored device generates a trap message, it never reaches my NMS Server. I run capture on PIX firewall to see if the traps are getting there, but see nothing.

When I generate a trap from my monitored device, it reaches the checkpoint firewall, and firewall pushes it on right IPSec tunnel. But it never reaches my PIX.

Initially I thought that it might be an issue with PIX rules. But I have allowed SNMP traps from all monitored devices to reach my NMS server.

Can you please help me or give me some suggestion on how to proceed with the troubleshooting.

Thanks and Regards

Nandan

0 Helpful
1 Reply 1

paddyxdoyle
Level 6
Level 6

‎04-22-2005 06:54 AM

Hi,

One of the things i would try is using Ethereal on one of your client network devices, try to telnet to your NMS on port 161 whilst sniffing the traffic using ethereal.

This will show you for definate if your are getting a response from the NMS, the response will be an RST however it will prove whether you have connectivity or not.

I'm not familiar with the VPN concentrator but does this have any internal filtering happening as normally on an IPSEC router i would have access lists on the external interface permiting ESP and isakmp, and then on the internal interface an access-list permittng access to the real protocols/destination addresses. I guess this is not the case in your network as your PIX will be doing this, might be worth a check.

I think also you need to get a sniffer sitting on the external side of your VPN concentrator and see if SNMP is hitting it, if so then move it to the internal interface and so on.

Other than this maybe speak to the ISPs, perhaps SNMP traps have been blocked somewhere :)

HTH

Paddy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card