Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
218
Views
0
Helpful
3
Replies

5505 ASA Inside SNMP not working

rayyaan fayker
Level 1
Level 1

‎07-08-2015 05:54 AM - edited ‎03-05-2019 01:49 AM

hello 

 

i am trying to monitoring an 5505 ASA via the inside interface from a server that's coming from the outside. which keeps on failing but it works fine if i put in the outside interface as a destination. 

for the love of god i have been trying everything and cant get something so simple to work. below is what i have configured. is there natting which i will have to enable so i can make this work?

!
interface Ethernet0/0
 description Uplink to VM LAB
 switchport access vlan 10
!
interface Ethernet0/1
 description Uplink to  Corp NW
 switchport access vlan 99
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7

!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan2
 nameif management
 security-level 0
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 10.3.249.254 255.255.255.0
!
interface Vlan99
 nameif outside
 security-level 0
 ip address 10.3.250.20 255.255.255.0
!

snmp-server group d###s v3 priv
snmp-server host inside 10.3.210.225 community ***** version 2c
snmp-server host outside 10.3.210.225 community ***** version 2c
snmp-server location Engen IBD LAB
snmp-server contact R####
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog

 

 

Labels:
0 Helpful
3 Replies 3

rizwanr74
Level 7
Level 7

‎07-08-2015 11:04 AM

"which keeps on failing but it works fine if i put in the outside interface as a destination."

 

This is an expected behavior of the ASA.

You must configure on which interface snmp queries are coming to the ASA, firewall cannot assume thing on its own.

 

0 Helpful

johnlloyd_13
Level 9
Level 9

‎07-08-2015 11:00 PM

hi,

is 10.3.210.255 located on the 'inside' or 'outside' the ASA?

do you have static routes configured?

can you at least ping 10.3.210.225?

0 Helpful

rayyaan fayker
Level 1
Level 1
In response to johnlloyd_13

‎07-09-2015 02:51 AM

i have test ping but keep on failing, the 10.3.210.225 is located on the outside and we are trying to monitor the inside interface for snmp.

 

we currently found an alternative and thats to run snmp V3 on the ouside interface for secure reasons.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card