cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15477
Views
30
Helpful
17
Replies

Viewing SNMP communities on ASA

jedavis
Enthusiast
Enthusiast

Is there any way to retrieve the configured SNMP communities from an ASA now that this information has been obfuscated in system:running-config?

-Jeff

1 Accepted Solution

Accepted Solutions

in your case you need the following commands 

#changeto context fw-1

CORFW/pri/act/fw-1# show snmp-server group

 

let me know, this should show your community strings/key

View solution in original post

17 Replies 17

Aditya Ganjoo
Cisco Employee
Cisco Employee

Hi,

So do we want to know what communities have been configured on the ASA ?

Have we removed them ?

Regards,

Aditya

In the ASA configuration displays SNMP communities are obfuscated, like this:

ASA# show conf | i community
snmp-server host outside NMS-SERVER community *****
snmp-server community *****

As near back as 9.2 you could still display those communities using this command:

ASA# more system:running-config | i community
snmp-server host outside NMS-SERVER community public
snmp-server community public

I do not know when it changed, but in version 9.4 the more system:running-config command now also obfuscates the SNMP communites.  In version 9.4 is there any way to recover these community strings?

Release notes do not show any change in behavior on 9.4.

However, I feel it depends on the "snmp-server community" command.

Please check :

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s15.html#pgfId-1559085

And confirm if you have used :

snmp-server community 0 cisco

or

snmp-server community 8 cisco

Since, as per command reference, it is clearly written :

"After you have used an encrypted community string, only the encrypted form is visible to all systems (for example, CLI, ASDM, CSM, and so on). The clear text password is not visible."

Regards,

Pulkit Saxena

This doesn't work in multi-context mode:

 

plccdtfw/sec/act# more disk0:/plcfw2.cfg | i community
snmp-server host outside 10.18.58.232 community ***** version 2c
snmp-server host outside 10.16.47.244 community ***** version 2c
snmp-server host outside 10.16.16.91 community ***** version 2c