07-08-2015 04:07 AM - edited 03-05-2019 01:49 AM
Hello all.
I was wondering if you guys could clear something up for me. We have an SNMP server that monitors all the devices within the company and external customer devices, with about 6500 sensors altogether. All our outbound SNMP traffic for the SNMP get is NATed behind a single outside interface IP.
I have been seeing strange issues with new devices having trouble sending SNMP data back to the collector, which are only resolved by creating an outbound NAT behind another IP in the same subnet. Could this be to do with the PAT running out of source ports?
Should I consider a NAT pool for the SNMP collector for outbound connections? We use an ASA firewall.
Cheers!
07-08-2015 12:43 PM
Matthew,
Each IP you use on a dynamic supports around 65k connections, so if you feel that you do in fact have that many connections (globally, not only the SNMP server) behind the ASA, then consider a pool. Try checking the show xlate count to get a better idea of what it might be; a packet tracer on the ASA should give you some idea of what is happening as well:
packet-tracer input [source_interface] [tcp/udp] [source_IP] 1025 [destination_IP] [destination_port]
Regards
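An added example, not part of the original replies: a small Python script that tallies PAT translations per mapped IP and protocol from pasted "show xlate" text and names the inside host holding the most ports, which helps separate "the SNMP collector is exhausting the IP" from "everything behind the ASA is". The line format in the regex is an assumption based on ASA 8.3+ output, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Approximate per-IP ceiling, taken from the "around 65k" figure in the reply.
PORTS_PER_MAPPED_IP = 65535

# Assumed shape of a PAT entry in ASA 8.3+ "show xlate" output.
PAT_LINE = re.compile(
    r"^(?P<proto>TCP|UDP) PAT from \S+?:(?P<real_ip>[\d.]+)/\d+ "
    r"to \S+?:(?P<mapped_ip>[\d.]+)/\d+"
)

# Constructed sample, not captured from a real device.
SAMPLE = """\
UDP PAT from inside:10.1.1.5/49152 to outside:203.0.113.10/49152 flags ri idle 0:00:12 timeout 0:00:30
UDP PAT from inside:10.1.1.5/49153 to outside:203.0.113.10/49153 flags ri idle 0:00:03 timeout 0:00:30
UDP PAT from inside:10.1.1.5/49154 to outside:203.0.113.10/49154 flags ri idle 0:00:01 timeout 0:00:30
UDP PAT from inside:10.1.1.9/50000 to outside:203.0.113.10/50000 flags ri idle 0:00:20 timeout 0:00:30
TCP PAT from inside:10.1.1.9/51000 to outside:203.0.113.10/51000 flags ri idle 0:01:00 timeout 0:00:30
NAT from inside:10.1.1.20 to outside:203.0.113.20 flags s idle 0:05:00 timeout 0:00:00
"""

def pat_usage(xlate_text):
    """Count PAT entries per (mapped IP, protocol) and per inside host."""
    per_mapped = Counter()
    per_real = defaultdict(Counter)
    for line in xlate_text.splitlines():
        m = PAT_LINE.match(line.strip())
        if m:  # static NAT and header lines are skipped
            key = (m["mapped_ip"], m["proto"])
            per_mapped[key] += 1
            per_real[key][m["real_ip"]] += 1
    return per_mapped, per_real

def exhaustion_report(xlate_text, capacity=PORTS_PER_MAPPED_IP, warn_ratio=0.8):
    """One row per (mapped IP, protocol); near_limit flags likely exhaustion."""
    per_mapped, per_real = pat_usage(xlate_text)
    rows = []
    for key, in_use in sorted(per_mapped.items()):
        busiest, _ = per_real[key].most_common(1)[0]
        rows.append({"mapped_ip": key[0], "proto": key[1], "in_use": in_use,
                     "busiest_real_ip": busiest,
                     "near_limit": in_use >= warn_ratio * capacity})
    return rows

if __name__ == "__main__":
    # capacity=5 only so the tiny sample trips the warning.
    for row in exhaustion_report(SAMPLE, capacity=5):
        print(row)
```

UDP and TCP are counted separately because each protocol has its own port space on a mapped IP, so SNMP polling only competes with other UDP translations.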